2014-03-15, 02:48 AM
I had set up a quiet little forum with under 10 users. I never expected many users.
I had also done all of the good things to prevent hackers: changed the path to the admin area, used cPanel to add extra access passwords for it, strong passwords for the admin CP, .htaccess with deny lists for known hackers from other WP sites I run and from the history of bogus registration attempts manually checked against CleanTalk, etc. I also pass the site through Cloudflare. And so on.
In fact, the site never did get hacked. However, I still just suspended it, at least temporarily, through WHM. The reason is that all of the monthly BW that I allocated to the site has been consumed by hits against calendar.php and a few other scripts. My research suggests that there had been a SQL injection flaw in earlier versions of MyBB (I was running the latest). I had nearly 50,000 hits in a couple of weeks against calendar.php on a board with fewer than 10 registrations.
Since the attempts didn't yield any positive results for the bad guys, it seems that the hack scripting community is lagging behind. However, it still yields a negative result for me since I have to pay for the resources that these goofballs are consuming.
I also assume that my little board is not the only one seeing this sort of activity in the background. Short of shutting down the calendar system, is there any reasonable way to throttle this? Since I have a very diverse interest group, simply blocking entire countries with htaccess or firewalls isn't really in the cards for me. At least a few thousand bad guys (or maybe one bad guy with access to a few thousand IP addresses) seem to think that calendar.php is vulnerable.
Comments?