CC5 security concern! Anyone shed some light on this one, not happy
I found out last night by random chance, while looking into an unrelated matter, someone calling index.php (his IP is at the beginning of the line) [attached]. He's got a Czech IP: 77.75.78.163. Looks like a bot to me and they are indexing sites that have running blogs [I think].
I asked the host company if I could SSH into their servers, which are Linux Cloud shared servers, which they said no. Surprise. But looked into what I could SSH into.
I asked my host how this happened as I was concerned, as I have a script on my page that redirects people to a third-party payment system and I just moved the CC5 to a new server from North America to a server in Sydney, Australia. During the transition the SSL was down for around 24 once back up and running.
This was my host company's reply:
"We have reviewed your question but unfortunately, we can only provide you with the information which you already know: the IP is from the Czech Republic. Additionally, we cannot even confirm that this is 100% true because it can be masked, making this information a false positive.
Lastly, we have checked our security systems and server logs and we can assure you that the server has not been compromised by anyone. It is possible that your website has been accessed from an attacker. Additionally (if you have any), the IP could be from one of your developers or other people or third-party group who have access to your cPanel or admin area of your script.
We strongly recommend that you use a strong password for your scripts and accounts, and make sure that you are using the latest versions of your application/extension etc. to ensure the highest security possible. Of course sharing your password with fewer people is highly recommended."
Can you shed any light on it, Charlie, as I don't really understand how it happened, what the IP or bot or whatever was doing, or what to think. Sort of stresses me.
See attached screenshot in server showing suspicious activity from the IP address 77.75.78.163
Any feedback would be great, in simple speak would be great!
Thanks
Why is this suspicious? If your site is on the internet, it will be accessible to all countries unless you've gone to a LOT of trouble to geo-block (which is unreliable at best).
Just a typical newbie. Turns out it was just Yandex browser indexing the site.