Magento Forum

   
A Kind Reminder On Usernames
 
elfling
Enthusiast
 
Total Posts:  821
Joined:  2008-10-21
 

Would just like to remind all those setting up a new store

IP: 37.9.53.71

This IP address attempted to log in to the administration using user credential admin 537 times in the space of 4 minutes.

I don’t set up stores with a user admin or administrator or anything else that would be considered a general term.

Putting no follow /administrator into the robots.txt file is also giving them easy access to the admin login page.

Putting rel noindex, nofollow tags into the login.phtml file is the best way to stop the page appearing in search engines and someone just looking at the robots.txt file.

You will also need to set up the admin with a unique URL.

On a secondary note:
Using blogging / news modules or any other module that posts to the front end and gives the username of who it was posted by, make sure you either remove the username from the template or hopefully there is the option to set a pseudo name when writing the post.

Let’s make it as hard as possible for these suckers.

Developers, stop leaving your .tar.gz files open for everyone to see! 

A quick Google search revealed to me straight database access to many websites if you download the .tar.gz files and look at the login details.

 Signature 

creative media group - Magento modules by elfling
Nimbus Hosting UK - Magento Hosting - Fast, Reliable and Secure - Tell them elfling sent you
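
A defender-side check for the pattern reported in the post above (537 admin login attempts from one address in 4 minutes), added here as an example that is not part of the original thread. It scans access-log lines in Combined Log Format and reports clients whose POSTs to the admin login path reach a threshold inside a sliding 4-minute window; the admin path, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: a hypothetical custom admin URL; substitute your store's own path.
ADMIN_PATH = "/index.php/shopdesk/"

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)

def find_bruteforce(lines, admin_path, threshold=20, window=timedelta(minutes=4)):
    """Return {ip: peak_count} for clients whose POSTs to admin_path reach
    `threshold` within any sliding `window` (lines in chronological order per IP)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(admin_path):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: 537 POSTs in under 4 minutes from one client,
    plus a legitimate admin login and ordinary shop traffic."""
    start = datetime(2012, 11, 22, 6, 0, 0)
    def line(ip, secs, method, path):
        ts = (start + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S")
        return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" 200 512'
    log = [line("203.0.113.50", i * 240 // 537, "POST", ADMIN_PATH) for i in range(537)]
    log += [line("198.51.100.7", s, "POST", ADMIN_PATH) for s in (10, 25)]
    log += [line("192.0.2.9", s, "GET", "/checkout/cart/") for s in range(0, 240, 5)]
    return log

if __name__ == "__main__":
    for ip, peak in find_bruteforce(sample_log(), ADMIN_PATH).items():
        print(f"{ip}: {peak} admin login POSTs within 4 minutes")
```

The same per-IP counts can feed a firewall or rate-limit rule; the threshold should sit well above what a legitimate administrator produces when mistyping a password a few times.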

 
 
TRMMarketing
Sr. Member
 
Total Posts:  129
Joined:  2009-11-29
 
elfling - 22 November 2012 06:43 AM

Developers, stop leaving your .tar.gz files open for everyone to see! 

A quick Google search revealed to me straight database access to many websites if you download the .tar.gz files and look at the login details.

I concur; many times when we begin consulting on a project, we find previous developers/store owners keep their website backups in the website's root directory, not a good practice.

 Signature 

Manage your Facebook fan page via Magento back-end Extension

TRM Marketing specializes in getting you in front of your customers and getting the sale. Services include online marketing campaigns utilizing social media, email marketing, pay-per-click advertising, new or upgraded website.
http://www.TRM-Marketing.com

 
 
Webmonster_fr
Member
 
Total Posts:  75
Joined:  2010-11-09
Paris
 

Interesting, thanks for sharing this!

 Signature 

Webmonster Magento Development, Customisation & Extensions

Upload your Magento specs, and get an estimate in 24h!
Magento Product Preview - Magento Ajax Catalog Scroll

 