Securing WB by trapping IP

[ctec]

Please take the time to review how the code works on my test site by following the links below. It is a sample site with just a Home Page. It is for display purpose only.

I would like to know if this would be of interest to anyone.

I did not develop the code but rather modified it for WB. Credit is still intact in the files to the appropriate coders. I am using 2.83 the latest version.

First go to: www.michaelscompserv.com/wb which will open my test site.

Then go to www.michaelscompserv.com/wb/admin
* This will act like a hacker attempting to get access to your admin folder.

What this code does is to block the ip address attempting to get into the admin folder. You will no longer to be able to access the website at all. You will get an email with the blocking of the ip address. The administrator will be able to clear the IP address so that you can access the site again.

If this is something that is of interest, I will write up documents and include everything that I have done to get this to work.

PM me with any questions and include your ip if you would like for me to give you access to the site again. Looking for feedback, don't be shy.

The files and documentation are ready. I just do not know how to set them up on this board.

HAVE FUN....

[crnogorac081]

I assume you have a static ip address. what about remote admin (you go on a trip or other office) ??

but idea is nice ! also I recommend to ban only access to backend - for example when you go to /admin  and your real admin si for example /cms to ban when you go to /cms not entire site (frontend)

cheers,
Ivan

[ctec]

I assume you have a static ip address. what about remote admin (you go on a trip or other office) ??

but idea is nice ! also I recommend to ban only access to backend - for example when you go to /admin  and your real admin si for example /cms to ban when you go to /cms not entire site (frontend)

cheers,
Ivan

I do have a static ip. You can access your backend from any ip as long as you are not banned from that address. This is a learning code. It traps all who attempt to access the admin folder unauthorized. You as the Administrator know the correct path and therefore will not get banned.

The reason that you are banned from the entire site, is because a hacker will not stop at just the Admin. They attempt to inject SQL script via your URL. This is why you get banned from the enite site. I am working on modifying some scripts that I use elsewhere for this as well.

You as the administrator can remove the banned ip and move it to a whitelist folder so that particular access can visit the site again.

Maybe I forgot to mention, you get an email for each banned ip, so you can verify the ip isn't just a bot. If it is, you can add it to the whitelist so it can crawl the site.

I can work on modifying something like you mentioned on banning just the admin folders.

Hope this helps.

*****************************************************************************************
New thought:
     Although maybe not a bad idea to ban just from accessing you admin folder (the new one that you renamed, right?), but I just do not see how to properly do that with banning your own ip. The reason why I say this is because you will have to access your admin and if it is set to ban the ip you will not get access to it. Unless I am misunderstood. Do you mean that if the first attempt is to the decoy admin folder they get banned and then if they attempt to access the real admin they are banned, but still have access to the site. I believe that anyone who attempts to access something they are not to should be banned outright.
     I did make a modification to the program and that was that it will clear the ip after 4 hours, or more or less, however you want to set it up for.
     Final thought: Password Protect the newly named admin folder for a more secure backend.

[VSG]

This is an interesting concept - maybe banning the IP address for a certain time-period - let's say 2 hours or so would be sufficient. Bots most likely should have moved on by then and if a hacker has an interest in your site they will probably just be encouraged by something like this.

But did I miss something? Is there information on where to obtain the code in order to implement it in WB yet? I failed to see this somewhere ...

I agree that blocking the backend only would probably be a better idea. For example if you get a dynamic IP address as I do from my internet service provider then mine might be blocked even if I did never visit your site before. Or you would have to dump all the blocked IPs within a 24 hour period. So not to drive away possible visitors of the site.

As I said interesting concept and I'd like to try this on my site - this way I would at least get an information on how often someone tries to access the admin-folder.

Best regards,
VSG

[ctec]

This is an interesting concept - maybe banning the IP address for a certain time-period - let's say 2 hours or so would be sufficient. Bots most likely should have moved on by then and if a hacker has an interest in your site they will probably just be encouraged by something like this.

But did I miss something? Is there information on where to obtain the code in order to implement it in WB yet? I failed to see this somewhere ...

I agree that blocking the backend only would probably be a better idea. For example if you get a dynamic IP address as I do from my internet service provider then mine might be blocked even if I did never visit your site before. Or you would have to dump all the blocked IPs within a 24 hour period. So not to drive away possible visitors of the site.

As I said interesting concept and I'd like to try this on my site - this way I would at least get an information on how often someone tries to access the admin-folder.

Best regards,
VSG

I would guess that if you wanted to ban an ip for a certain amount of time it could be coded or maybe like you stated just dump all the blocked ip's within 24 hours. This might require a CRON JOB to be set up. Not sure yet but will look into that.

No, you haven't missed anything. I haven't posted the information on how to do this yet.

I can work on modifying the code to work only on the backend only. Will test that though. I can see about packaging it up and sending you the instructions on how to set this up. There are about 3 or 4 files that you will have to upload to the directory.

Let me know.

[ctec]

This is an interesting concept - maybe banning the IP address for a certain time-period - let's say 2 hours or so would be sufficient. Bots most likely should have moved on by then and if a hacker has an interest in your site they will probably just be encouraged by something like this.

But did I miss something? Is there information on where to obtain the code in order to implement it in WB yet? I failed to see this somewhere ...

I agree that blocking the backend only would probably be a better idea. For example if you get a dynamic IP address as I do from my internet service provider then mine might be blocked even if I did never visit your site before. Or you would have to dump all the blocked IPs within a 24 hour period. So not to drive away possible visitors of the site.

As I said interesting concept and I'd like to try this on my site - this way I would at least get an information on how often someone tries to access the admin-folder.

Best regards,
VSG

I have implemented a time period script. What this will do is clear the banned text file. You will however have to set up a cron job to run the script. The script is there to be use if not you just don't set a cron job. Currently looking at the code to be in the admin side only. But I would add . Htaccess to the admin folder or what ever you have named the admin folder to.