Is someone trying to hack my site?

Nelly71 · 01-11-2010 9:01pm #1

Hi,
I've got a website which has been running since the start of the summer with approx. 50-80 hits per day. But in the last 4 days i've had over 200 hits per day and they're mostly from an IP address with first 6 digits as 123.125. The last digits vary but every IP number originates from Beijing, China. They always seem to be looking at a particular image on my site. They would be there for a couple of minutes, disappear and then another similar IP address comes back, looking at the same image. Am I imagining things or is someone in China trying to hack my site?
Thanks,
Noelle.

Procasinator · 02-11-2010 3:34pm

Could be a number things. For instance, the Baidu search company (Chinas most popular search engine) has crawlers in that IP range:

http://www.useragentstring.com/Baiduspider_id_248.php

Do you have any user agent information of visitors store anywhere? If you do, you could determine if it is the Baidu crawlers.

JimmyCrackCorn · 02-11-2010 6:46pm

Lots of automated bots crawl the internet.

Some are good allot are bad. The vast majority of the bad target reliable known security holes in well known applications. Then theirs spam bots which do what they say on the tin.

So in a way yes lots of things are trying to hack your site. Its just the way of the internet.

wolfric · 03-11-2010 8:37am

If you're worried just block the surrounding network and a few jumps up just in case. Of course i hate to break this to you but you might already be hacked. How are you getting your logs exactly?

Can you verify what they did or what they requested? Do you have any support for showing detected port scans?

JimmyCrackCorn · 03-11-2010 4:09pm

wolfric wrote: »

If you're worried just block the surrounding network and a few jumps up just in case. Of course i hate to break this to you but you might already be hacked. How are you getting your logs exactly?

Can you verify what they did or what they requested? Do you have any support for showing detected port scans?

That is a little alarmist. Make sure your sites secure and software is up to date and you will be fine most of the time.

Nelly71 · 04-11-2010 12:55pm

Thanks for all the replies. It was one of my images they were looking at although today they are looking at one of my product pages. I'm afraid, weing new to all of this i'm not sure what advice some of you are giving

I am using Zencart v1.3.9d and I can see what IP addresses are online and what exactly they are viewing. I think I would like to bar anyone in China from viewing my site. I've been Googling how to do this and have found http://www.countryipblocks.net/. There is a table with links on this page which are country-specific. Would I just copy the information in the ".htaccess deny" link for China within the "Top 10 Global Spammers 1Q 2010" and then paste the info into my .htaccess file? Also, which .htaccess file?

Many thanks in advance for your help.

Nelly71 · 04-11-2010 1:09pm

Meant to tell Procrastinator that it is Baidu crawlers alright, always IP addresses starting with those 6 digits.

Is someone trying to hack my site?

Comments