Dashboard Online Report - many visitors look for the admin folder

Hi to all community members, about a day after renaming the admin directory I noticed that many visitors are looking for the admin folder. like https://www.mysite.it/admin/. Could it be just a coincidence or am I under attack?
OC Versione 3.0.3.1
Tracing the IP of the visitors found that they come from all over the world.
Only a Chinese viewer always tries to attack me with this link https://www.mysite.it/skin/adminer-3.3.2.php.
Do I have to worry? can I block the Chinese visitor's IP?
What you suggest to me? Thanks a lot

Well, if you already renamed admin, you might have to rework the mods listed below as well. But otherwise,
they will all add to overall Admin Security:

Simple Login Security (Very simple solution, I use such a Mod for a long time already)
If you want to make your administrator login page more private, this extension is just for you.
Functionality:
- Login page is accessible only with custom secret code
(http://yourwebsite.com/admin/?passkey=YourPassword)
- Custom pass key and password
- Post'ed login info from other url wont be accepted without YourPassword
Simple but strong security enhancement. Using this extension you will disable login page access to everyone but yourself.
https://www.opencart.com/index.php?rout ... n_id=21371
---
False Admin Login Security ( Change the Lockout period to whatever time you want, to keep 'em out for good)
Do you want to secure your store Admin login? Do you want to limit your Admin login attempt? Just install False Admin login Security extension and configure it. that's all.
https://www.opencart.com/index.php?rout ... n_id=39292
---
Opencart Security Admin Whitelist Access ( Allows access only to listed IP's)
Whitelisting is the practice of explicitly allowing some identified entities access to a particular privilege, service, mobility, access or recognition. It is the reverse of blacklisting. Many network admins set up IP address whitelists, or a IP address filter, to control who is allowed on their networks / applications / servers.
https://www.opencart.com/index.php?rout ... n_id=37806
---
In addition to keep some IP's out, use your SHOP .htaccess file, to at best lock out entire Blocks, I so far lock
out ~1'840 Ranges/Lines, totalling in more than 650'000 IP's, in my 113 KB ! .htaccess file, and it has no negative
effect on overall performance! Just make sure, not to block potential Customer IP Ranges, or even yourself!
Use something like this, to check (full) IP numbers: https://whatismyipaddress.com/ip-lookup
And it's a daily TASK, to check your Site+Admin Access+Error Logs, to keep .htaccess up to date, don't forget that !
----
Good Luck!
Ernie
PS: Just be aware, that even unallowed Access-Attempts may still show up in Admin Logs, despite of the fact, that they get no access.
They just never display an (Shop-related) Referrer Address in the Logs, and usually one have one Log Entry.

Tank You @IP_CAM! Was a good suggest. I finf so useful .htaccs strategies. I will do surely.
Special attention to your deny from...
So you deny any ip try to connect to admin folder? right?

What about adminer-3.3.2.php? can be dangerous?

Thanks a lot IP_CAM

sundsx wrote: ↑

Thu Jul 23, 2020 5:02 pm

What about adminer-3.3.2.php? can be dangerous?

adminer-* is nothing else than a simple replacement for the phpMyAdmin, see: https://www.adminer.org/en/
What those scriptkiddies are trying to hit this tool.
The number after "adminer-" is the version number.

Currently it seems that they have fun to search for, I for myself have x-thousand tries each day.
No worry about IF YOU HAVE THIS TOOL NOT USED!

Note: adminer can be used a simple replacement for any databasetool (e.g. like phpMyAdmin).
But (!!) it should not be stored any longer when not used anymore.

Better to rename this tool to something else (while also valid here: delete after usage).

Thank you @OSWorX! Yes i dont use that tools.

So you deny any ip try to connect to admin folder? right?

Well, I deny any IP, accessing my Servers by use of some screwy link-code,
and since I don't need the whole World to see my Sites anyway.

I lock the entire sub-range, instead of only a specific IP Number, like instead of:
123.456.789.123 - I add: 123.456.789. to the .htaccess file, to make sure, that all
numbers of the last IP-Block are beeing locked out. In some cases, I also
lock out the second+third blocks too, to so have everything blocked, coming
from IP 123.xxx.xxx.xxx !

And if one tries to connect a few times within a few seconds, he will be blocked
temporarely. You may check one of my sites, and if you click on links quite fast,
you will be blocked for a short time, and if one is repeating such multiple times,
he will be blocked for 10 hours, to allow me, to later block them for good.
OC 1.5.6.x offers all those extensions, one reason, to still use it ...

My .htaccess for far contains 1'871 individual DENY FROM Lines, and every single
day, a couple of new denials are added to the file, to keep some BOOZO-Brains out
for good. It's kind of a Game, just like in real Life too ...

And to make double-sure, I also redirect them to Las Vegas too ...
So, anyone else, using the same link content, will be redirected automatically.

Regarding your ADMINER file, I am not quite familiar with it, but I assue, if you
have it password-secured well, there should be no problem. Just check the Web,
to make sure, that you always use the latest (tested) Version, just in Case ...

Good Luck!
Ernie
---

Thanks @IP_CAM, your detailed answer was instructive for me.

It is very boring because people want to steal your work done with effort and passion.

But very curious for me is the fact that before renaming the admin directory, I didn't see these requests.
Ever since I renamed the directory a lot every day.
A great deal of attention and blocking of IP addresses or entire sub IP families is waiting for me as you do.
Thanks for the accurate and educational response. Very funny the redirect to las vegas

You should limit the access to your admin folder to your IP-address only. E.g. put something like this into your 'admin/.htaccess' file:

JNeuhoff wrote: ↑

Mon Jul 27, 2020 5:59 pm

You should limit the access to your admin folder to your IP-address only.

Beware!
This is a solution ONLY if you have a static IP-Address.
If that's not the case (e.g. dynamic IP-Addresses as many providers have), you will lock out yourself.

OSWorX wrote: ↑

Wed Aug 05, 2020 8:14 pm

JNeuhoff wrote: ↑

Mon Jul 27, 2020 5:59 pm

You should limit the access to your admin folder to your IP-address only.

Beware!
This is a solution ONLY if you have a static IP-Address.
If that's not the case (e.g. dynamic IP-Addresses as many providers have), you will lock out yourself.

Agree with OSWorX here. The solution mentioned above would need each of the users logging-in to the admin area to have a static home/work IP - which may not always be possible. Instead, you could add another layer of authentication with HTTP Auth. If you're using a cPanel based hosting, open the File manager within the cPanel, navigate to the root of your OpenCart store, right click on the admin folder, select the option "Password protect this directory" and follow the on-screen steps. For non-cPanel based sites, you can create a .htpasswd file with the credentials, and update the .htaccess file in the /admin folder.

--
Ananda

@OSWorX: You are correct, my advise is only useful if your office uses an internet connection with a static IP-address. I think most professional developers or businesses will use a static IP-address.

@ASTRA Security Suite : Good advise for those who don't use a static IP-address, thanks for posting it.

JNeuhoff wrote: ↑

Tue Aug 11, 2020 12:36 am

I think most professional developers or businesses will use a static IP-address.

Sorry, but again not true.
If static or dynamic IP-Address is not the choice of the developer or business, more the decision of the offered provider packages.
And as long as such package with a static address will cost 50% (or more) than a "standard" access package, I do not see any reason why I should pay such money only to have a "static" address.
Nobody will pay me this price, and I have really no advantage of having only a "static" address.