joined:June 16, 2015
I'm seeing recently (or maybe it was like that in the past as well but I did not pay attention to it) more and more "attacks" in my drupal logs. What I mean by attacks is:
1) 30 similar attempts at URLs such as www.example.com/privacy&sa=U&ved=0ahUKEwjD4NGkkb_QAhVB9YMKHc-5DeA4MhAWCEMwCA&usg=AFQjCNGXJ-rAtA0CrnaAkM8M0_cZt-RE_Q/components/index.inc.php
2) 30 attempts to log in as admin and trying various passwords
3) very many attempts to log-in as another user...
I can see the ip where these trials are coming from. I have checked on google with a reverse dns and then tried to see whether the ips are blacklisted with free services such [mxtoolbox.com
Some of them are reported as blacklisted by some internet blaklist databases.
I have stopped the new user registration.
I'm also applying relatively fast the drupal security patches
My first question is:
1) Do I need to worry about it?
2) Can I ban these ips? I could ban them in drupal with a module, but I could also ban it via cPanel, so that they do not reach my domain at all
My question to you is how do you handle such cases? I'm using drupal, but I'm sure it's the same for any website out there whichever technology it might use
Many thanks for sharing your epxeriences