dory550 lambert
asked on
Hacking Woes
Hi Guys
Attached is a screenshot of a plesk logs page
I use Microsoft platform with classic asp
I am a wholesaler for health and beauty aids
I have a website carrying about 1500 items
I have this hacker who has been bothering me for months
He is accessing my website remotely using a script which clicks "Order" on every one of my items
He does not proceed to actually place an order instead he just proceeds to the next item and goes on and on
All he does is just open the "Order Page" for every item that's it,
See a PLESK logs page (attached)
Once or twice a day he brings the website down forcing me to reset my IIS server (VERY ANNOYING)
I do not collect payments online, so there are no credit card numbers to harvest. Can anyone suggest what he gains? He must be doing what he is doing for a reason!
Do I need to take any action? What action?
Is there a way I can prevent remote script access to my website
Any advice is welcome
Thanks
Dory
This is coming from BrandProtect, which IMO visits sites looking for "intellectual property" infringement so that somebody can sue you.
"BrandProtect provides you with essential visibility and actionable intelligence (emphasis mine) about the external threats to your brands, physical locations, customers, employees, and executives. We not only detect, validate, and analyze the threats, we mitigate them. BrandProtect finishes the job."
https://dnslytics.com/ip/158.106.67.41
This is probably not something you want visiting your site and given the company's declared mission I doubt very much that it would comply with the Robots Exclusion Standard.
Solution: Set the server's firewall to block all incoming traffic from 158.106.64.0/18 -- since this is a commercial server block, there will be no orders coming from it anyway.
ASKER
David Favor
Thank you for your help with extra details
Dory
ASKER
David Favor
Thank you for your help with extra details
Dr KLahn
Interesting Comment
Dory
You're welcome!
Think code audit (inefficient coding, memory leaks), or expanding hardware (think memory or CPU). If all fails, bring it under a reputable web hoster (though that only deals with traffic, not with inefficient coding).
Just in case you're a rare case that does NOT rely on Google search to generate business, you can place a robots.txt file in the root folder containing:
Or if you know the user-agent of a few bots who bring you down:
If you can't find the correct user-agent (should be in your access logs, but it's not always clear what to fill in), then block the whole range of IP nr. in your firewall.
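Added example, not part of the original thread or any poster's code: one way to confirm from the IIS W3C access log which clients are walking the order page item by item, which user-agent they send, and whether they fall inside the 158.106.64.0/18 range suggested above. The `/order.asp` path, the user-agent strings and the log lines are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format; /order.asp and the
# user-agent strings are assumptions, not values from the thread.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2024-01-05 10:00:01 GET /order.asp id=1 158.106.67.41 ExampleCrawler/1.0 200
2024-01-05 10:00:01 GET /order.asp id=2 158.106.67.41 ExampleCrawler/1.0 200
2024-01-05 10:00:02 GET /order.asp id=3 158.106.67.41 ExampleCrawler/1.0 200
2024-01-05 10:00:09 GET /default.asp - 203.0.113.7 Mozilla/5.0 200
2024-01-05 10:00:15 GET /order.asp id=88 203.0.113.7 Mozilla/5.0 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive as column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def find_order_scrapers(text, path="/order.asp", min_hits=3, min_distinct=3,
                        blocked_net="158.106.64.0/18"):
    """Flag clients that open the order page for many distinct items."""
    net = ipaddress.ip_network(blocked_net)
    hits, queries, agents = Counter(), defaultdict(set), defaultdict(set)
    for row in parse_w3c(text):
        if row["cs-uri-stem"].lower() != path:
            continue
        ip = row["c-ip"]
        hits[ip] += 1
        queries[ip].add(row["cs-uri-query"])
        agents[ip].add(row["cs(User-Agent)"])
    report = []
    for ip, count in hits.most_common():
        if count >= min_hits and len(queries[ip]) >= min_distinct:
            report.append({"ip": ip, "hits": count,
                           "distinct_items": len(queries[ip]),
                           "user_agents": sorted(agents[ip]),
                           "in_blocked_range": ipaddress.ip_address(ip) in net})
    return report

if __name__ == "__main__":
    print(find_order_scrapers(SAMPLE_LOG))
```

On a real log, raise `min_hits` and `min_distinct` to values well above what a genuine wholesale customer would reach in one log file before acting on the report.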