Hacking the Web Site

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
11/1/2009 2:00:25 PM
Gravatar
Total Posts 14

Hacking the Web Site

I don't know if anyone else has noticed the increased hacking coming out of China. I was wondering if there could be a way to block a group of ip address's? I have enclosed some of the ip ranges below. These are all out of Bejiing.

Thanks

220.181.7.100      China   220.181.0.0 - 220.181.255.255   
61.135.163.124   China  61.135.0.0 - 61.135.255.255
123.124.17.251   China  123.112.0.0 - 123.127.255.255
124.115.0.158    China  124.114.0.0 - 124.115.255.255

11/1/2009 2:15:16 PM
Gravatar
Total Posts 18439

Re: Hacking the Web Site

Hi,

Its currently possible to ban specific ip addresses in mojoPortal under Administration > Advanced Tools > Banned IP Addresses, but its not currently possible to bane address ranges unless you have some external firewall. Often if you have a dedicated server there may be a firewall provided with it, like this site is hosted on a dedicated server and I get a firewall that I can manage from a web page as well.

You did not mention how you concluded they are trying to hack your site.

I have not noticed any recent changes of dramatic increase of crap in my logs that looks like hacking but I monitor it so frequently that perhaps I've already banned a bunch of the bad ones.

I would note that sometimes things that look like hacking may not be. There are some software out there that people use to create a local html copy of a site and sometimes people do it on this site to get the documentation, it crawls a bit agressively and raises some errors which is rude but I know in some cases I have found it was not malicious intent. One time I looked up the ip and it was a registered user so I contacted him and he responded apologetically and told me about the software (I forget the name of it, its probably still buried in my old email though) he was using to gather documentation.

Also things like viewstate errors can happen when the user has a slow connection and they click buttons before the page is fully loaded so you have to use good judgement about whether an error indicates hacking or you may ban too many people.

If I see lots and lots of errors on the same page in rapid succession I get suspicious, but only a few errors are very clearly hacking attempts. Sometimes you can see sql injection attempts in the url or other things that are clearly malicious and you can ban those guys with confidence.

Best,

Joe

11/1/2009 3:15:28 PM
Gravatar
Total Posts 14

Re: Hacking the Web Site

Thanks for the good information!

Dave

You must sign in to post in the forums. This thread is closed to new posts.