Multi accesses from the same IP

[Pedro R.]

Hello,

I am verifying sometimes I got like multi accesses from the same IP (like 40 or 50 accesses).

 

What does this it can be? Hacking? What type of hacking could be?

 

My store: hobbysector.com

 

Thank you guys.

[Bazze]

It's probably just a bunch of people using the same proxyserver, anonymity service or something like that. Check up the IP-address and check who it belongs to etc.

[Pedro R.]

One of the IPs was this one: 182.118.22.202

 

I searched on Google and found: it is from China and is blacklisted...

See here:

 

http://www.myip.ms/view/blacklist/3061192394/Blacklist_IP_182.118.22.202

 

It doesnt look good, isnt?

[benjamin utterback]

Dear Pedro,

 

Hello, thank you for the message. From my experience I have seen that some IP's addresses can be duplicated or created. PrestaShop has very good security. You should not be too worried, however, you can download some modules that can block IP addresses. I hope this helps! Thank you for choosing PrestaShop!

[Bazze]

One of the IPs was this one: 182.118.22.202

 

I searched on Google and found: it is from China and is blacklisted...

See here:

 

http://www.myip.ms/v..._182.118.22.202

 

It doesnt look good, isnt?

 

You'll just have to block the IP. As long as your server is connected to the internet, malicious bots will crawl your site(s) looking for security holes to exploit - it's inevitable. The only thing you can do is to block those IP-addresses or use for example mod_security for Apache to block certain requests based on predefined rules.

[El Patron]

you can use PrestaShop Geo Location Feature. Its' really very good.

 

I have a module for HoneyPot on the list of things to finish this year.

 

HoneyPot report for this IP: http://www.projecthoneypot.org/ip_182.118.22.202

[benjamin utterback]

Hello,

Yes, the GeoLocation is a good feature. Sometimes you will encounter an IP address in the middle of the ocean. This is obviously not real.

As Bazze said

You'll just have to block the IP. As long as your server is connected to the internet, malicious bots will crawl your site(s) looking for security holes to exploit - it's inevitable. The only thing you can do is to block those IP-addresses or use for example mod_security for Apache to block certain requests based on predefined rules.

I think that is sound advice.

[Pedro R.]

Thank you all for your repplies. I am cooler now!

Anyway I have a SSL certificate so it might help the site security..?

[Bazze]

Thank you all for your repplies. I am cooler now!

Anyway I have a SSL certificate so it might help the site security..?

 

What the SSL certificate does is to assure the connecting users that you are who you say you are and when visiting your site using HTTPS the connection will be encrypted.

[CrS27]

Apart from SSL, you may also use SSH for your login pages and FTPS instead of FTP to prevent your login credentials from being intercepted by hackers.

 

There are now attacks known as brute force, which can break into your site by trying millions of logins and passwords. This post contains more info on the topic of site security.

 

I am convinced that it is better to use every opportunity to secure the site. I wouldn't like to find mine a mess one day, and, most likely, neither would you.

[nathanielleee]

I am having an issue with this as well. The problem is the ip is from the US does that mean its legit? its logged into pagenotfound about 500 instances currently.

[joalis]

IF YOU HAVE HOSTING WITH CPANEL, YOU CAN TRY THIS MODE:

 

Cpanel login > Security > Ip deny adress > add an adress to deny > adress successfully denied.

----------------------------------------------------------------------------------------------------------

Joalis Italia E-Shop www.joalisitalialabeshop.com

[petete2008]

Change file .htaccess

 

## Bloqueo de IP´s

<Limit GET POST>

order allow,deny

deny from xx.xx.xx.xx

allow from all

</Limit>

Edited January 30, 2013 by petete2008 (see edit history)

[ZenReputation]

its by due to proxy server...