One of the cool benefits of the watchdog module is being able to see what caused a page error on your website, when it happened, and the IP that did it. I never thought about this until now, but this is more than a debugging tool: it can also be a security monitor.

So this evening I'm checking my site monitoring and I see tons of errors in bursts (like every 30 mins or so for most of today). Curious to see what might be broken in 4.2-rc, I started checking the details of each of these and realized this was a hacker trying to gain access or modify my website. I have to say that so far the way Drupal is distributed seems to have kept them out (I haven't found anything modified on my site yet), but I'm concerned with how much they've been trying to hit the site.

So I'm looking for ideas. Can I ban an IP address (all of this seems to come from 2 different IPs over the course of the day)? This is just a personal family website, so it doesn't make sense to me (but then does hacking like this ever make sense?) why they'd be trying to hack my site. Guess I need to start watching my webspace so that I don't start finding files on it or some such.

BTW: How do I know these are hacking attempts? Watchdog shows the URLs they are accessing, and the URLs are Drupal clean URLs but with vi, emacs, edit, php commands, etc. attached to them (I'm guessing they are trying to find weaknesses in Drupal in executing code like a cgi-bin will do).

Comments

David Hull:

You can block IP addresses from accessing your web pages using
Apache's Deny directive. You should be able to write

<Directory "/">
  Order Allow,Deny
  Allow from all
  Deny from 10.0.0.1
</Directory>

in your httpd.conf file.

See http://httpd.apache.org/docs/mod/mod_access.html for details.

Disclaimer: I have not actually done this myself, so I might have the details wrong.

Anonymous:

or more simply, in a .htaccess file:

Order Deny,Allow
Deny from 1.2.3.4 5.6.7 8.9

You can disallow both given IP addresses or whole IP blocks this way.

Laz-1:

Thanks David for the info on how to use the "Deny" directive. I've been wanting to do this for a while to make sure that only I can log in to my admin area (or at least to give another layer of protection). At first I used the .htaccess method, but I got an email back today from my work's managed security company
www.FirmNetworks.com
recommending that I use the httpd.conf method. Does anyone have any idea why?

mjwall:

I'm using CVS as of 19 Jul, 2003. Along those same lines, I have a site with some family pictures that users need an account to view. Is there a way to see exactly which nodes and links a visitor goes to? In the access log, I see a track node link for some of the entries. On these, I can figure out which nodes they were visiting. However, there are a lot of nodes that do not have a track nodes link; where were these going? It would be nice if there was an additional column on the access log with the requested URL for each hit.

The reason I ask is in my referrals, I got a hit from someone looking for pictures of boys hitting, and I would like to see exactly where the pervert went or tried to go in my site.

Thanks for the Deny info for Apache, I'll try that too.

Mike@frazierhome.net:

On my website, any "personal" pictures of the kids and such are located in protected directories (and/or subdomains, depending on who I'm giving access to) and not linked to my website at all. I give a direct link to those I want to be able to view the pictures and a password for getting to that directory (or subdomain).

Not a Drupal solution, but one I can live with. This experience has me feeling pretty good about Drupal's security (with the default .htaccess and the php scheme it uses), but I still don't want some things linked to the website (even if it's off of a login-only area). The downside to not hooking the pictures into Drupal is that direct access to them doesn't show in the Drupal logs (but I have other logging facilities with my webhost for that). But I will still see invalid attempts show up in the Drupal log, as they get redirected back to the top page if the URL on my domain is invalid.

rbraddy:

And I have found that using .htaccess to restrict access to admin folders (PHP admin files) is one of the keys to locking them out for good. I have found that most hackers make use of exploits by calling admin scripts to gain access. To prevent this, add a ".htaccess" file to your admin directories (for all your apps on your server) and restrict access like this:

order deny,allow
deny from all
allow from nnn.nnn.nnn.nnn

(where nnn.nnn.nnn.nnn is YOUR IP address; you can add as many "allow" statements as you need)

If you have a firewall on your host or VPS, use it. Restrict access to all services that you can to only your IP and block the ones you don't need.

If I can help further, drop me a note. I'd be glad to help (I have developed a real dislike for hackers and love to shut them out).

Best,
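The two halves of this thread fit together: the original post reads watchdog's "page not found" entries to spot probe bursts from a couple of IPs, and the replies from David Hull, Anonymous and rbraddy turn those IPs into Apache Allow/Deny rules (a deny-list for the whole site, or an allow-list for admin directories). The script below is an added example, not code from the thread or from Drupal: it runs the same heuristic the original poster applied by hand (a 404 whose last path segment is vi, emacs, edit or php, or that goes through cgi-bin, counts as a probe), groups the hits per IP into bursts, and emits the rule lines in both the Apache 2.2 `Order`/`Allow`/`Deny` syntax the replies use and the Apache 2.4 `Require` syntax that replaced it. The log entries and the IPs are constructed (documentation ranges), and the burst gap and hit threshold are assumed tuning values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed watchdog-style "page not found" entries: (timestamp, client IP, requested path).
# The paths mimic the thread's description: Drupal clean URLs with editor/command names appended.
SAMPLE_ENTRIES = [
    ("2003-07-19 09:00:12", "198.51.100.7", "/node/3"),
    ("2003-07-19 09:30:05", "198.51.100.7", "/node/vi"),
    ("2003-07-19 09:30:06", "198.51.100.7", "/node/emacs"),
    ("2003-07-19 09:30:07", "198.51.100.7", "/admin/edit"),
    ("2003-07-19 10:00:01", "198.51.100.7", "/cgi-bin/php"),
    ("2003-07-19 10:00:02", "198.51.100.7", "/cgi-bin/php4"),
    ("2003-07-19 11:15:40", "203.0.113.9", "/node/12"),
    ("2003-07-19 11:15:41", "203.0.113.9", "/book/print/12"),
    ("2003-07-19 12:45:00", "203.0.113.42", "/node/edit"),
    ("2003-07-19 12:45:01", "203.0.113.42", "/php"),
]

# Tokens the original poster saw appended to clean URLs. This is a heuristic for 404 entries only;
# "/node/12/edit" is a legitimate Drupal URL, but it would not appear as a page-not-found hit.
PROBE_TOKENS = ("vi", "emacs", "edit", "php")


def is_probe(path: str) -> bool:
    """True when a not-found path looks like a command/editor probe rather than a mistyped link."""
    segments = [s.lower() for s in path.strip("/").split("/") if s]
    if not segments:
        return False
    return "cgi-bin" in segments or segments[-1] in PROBE_TOKENS


def count_bursts(times, gap_minutes: int) -> int:
    """Number of bursts: a new burst starts whenever the gap to the previous hit exceeds gap_minutes."""
    bursts, previous, gap = 0, None, timedelta(minutes=gap_minutes)
    for t in times:
        if previous is None or t - previous > gap:
            bursts += 1
        previous = t
    return bursts


def summarize(entries, min_hits: int = 2, gap_minutes: int = 5) -> dict:
    """Per-IP summary of probe hits: count, bursts, first/last time, paths. IPs under min_hits are dropped."""
    by_ip = defaultdict(list)
    for stamp, ip, path in entries:
        if is_probe(path):
            by_ip[ip].append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), path))
    report = {}
    for ip, hits in by_ip.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        report[ip] = {
            "hits": len(hits),
            "bursts": count_bursts([t for t, _ in hits], gap_minutes),
            "first": hits[0][0],
            "last": hits[-1][0],
            "paths": [p for _, p in hits],
        }
    return report


def _validate(addresses):
    """Accept only parseable IP addresses or CIDR blocks, so a typo never ends up in httpd.conf."""
    out = []
    for a in addresses:
        if "/" in a:
            out.append(str(ipaddress.ip_network(a, strict=False)))  # whole IP block
        else:
            out.append(str(ipaddress.ip_address(a)))  # single address
    return out


def denylist_rules(addresses, apache24: bool = False):
    """Site-wide deny-list (David Hull's / Anonymous's approach), in 2.2 or 2.4 syntax."""
    addrs = _validate(addresses)
    if apache24:
        return (["<RequireAll>", "    Require all granted"]
                + [f"    Require not ip {a}" for a in addrs] + ["</RequireAll>"])
    return ["Order Allow,Deny", "Allow from all"] + [f"Deny from {a}" for a in addrs]


def allowlist_rules(addresses, apache24: bool = False):
    """Admin-directory allow-list (rbraddy's approach): deny everyone except your own addresses."""
    addrs = _validate(addresses)
    if apache24:
        return [f"Require ip {a}" for a in addrs]
    return ["Order Deny,Allow", "Deny from all"] + [f"Allow from {a}" for a in addrs]


if __name__ == "__main__":
    report = summarize(SAMPLE_ENTRIES)
    for ip, info in report.items():
        print(f"{ip}: {info['hits']} probe hits in {info['bursts']} burst(s), {info['first']} .. {info['last']}")
    print("\n".join(denylist_rules(report)))
    print("\n".join(denylist_rules(report, apache24=True)))
```

`summarize()` only reports IPs that crossed the hit threshold, so a single visitor who mistyped one URL is not turned into a rule; the `_validate()` step is what keeps a stray character in a log line from silently producing an `Allow from` or `Deny from` directive that matches nothing or, worse, the wrong range.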

Anonymous:

Hackers don't do such things. You mean crackers. Please stop using this word badly.

Anonymous:

I am 13 years old from Narangba Valley State High School and I am doing an assignment where I have to make a website and I need to know how hackers think and how to stop them. Please help me!

Anonymous:

I am 17 years old from Westbury High School and I am doing an assignment and I need to know possible solutions: how can I protect from being hacked?

jsloan:

Here is an E-Book that may be helpful: at the bottom, under the heading "Security", click on "A Hacker's guide to protecting your internet site and network".

mike3k:

Thankfully, Drupal seems to be fairly secure and as far as I know it isn't vulnerable to any SQL injection hacks, which plague other systems like PHP-Nuke.

--
Mike Cohen, http://www.mcdevzone.com/