PSA: Choose a very strong password

Please choose a strong password for your accounts online. Somebody tried to hack my website.

Let me explain, I was reading through my Apache Access log and saw a lot of requests to the PHPMyAdmin page.

These requests seemed to be trying different common passwords to hack my PHPMyAdmin page. The sad part is that this is nothing new. I got TONS of automated requests searching for vulnerabilities on my website. Put in the time to secure your website and use strong passwords. Thank you.

Edit: Something odd was that all of these requests were from China and some of the passwords seemed Chinese-related, such as Huawei.

5 Likes
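Added example (not part of the original post, and not the poster's own tooling): a way to spot the pattern described above in an Apache access log, by flagging clients that send many POSTs to a phpMyAdmin path within a short window. The log lines, IP addresses, path and thresholds are constructed assumptions, and the Apache "combined" log format is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumed install path; adjust to wherever phpMyAdmin is actually served.
TARGET_RE = re.compile(r"/phpmyadmin(/|\?|$)", re.IGNORECASE)

def find_bruteforce(lines, max_hits=5, window=timedelta(seconds=60)):
    """Return {ip: peak} for clients whose phpMyAdmin POST count inside
    any sliding window of the given length exceeds max_hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not TARGET_RE.search(m["path"]):
            continue  # malformed line, or not a login-style request
        hits[m["ip"]].append(
            datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_hits:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed sample: one client posting once per second, one normal."""
    fmt = '{ip} - - [12/Mar/2021:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 4512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", mm=0, ss=s,
                        req="POST /phpmyadmin/index.php") for s in range(10)]
    lines.append(fmt.format(ip="198.51.100.4", mm=0, ss=3, req="GET /index.html"))
    lines.append(fmt.format(ip="198.51.100.4", mm=5, ss=0,
                            req="POST /phpMyAdmin/index.php"))
    return lines

if __name__ == "__main__":
    for ip, peak in find_bruteforce(sample_log()).items():
        print(f"{ip}: {peak} phpMyAdmin POSTs within 60s")
```

The flagged addresses can feed a rate-limit or block rule at the web server or CDN; the status code is deliberately ignored because a failed login form can still return 200.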

I strongly agree with you. A lot of “hackers” use VPNs in third world countries to stop people from getting their info. This is common with DDOS, Modders in games, or people trying to breach security.

If the IP was from another country, I would probably agree with you. But a China VPN? Does such a thing even exist? Most VPNs don’t have support for countries with internet censorship.

True, but people still can make their own VPN.

1 Like

Also, did you get emailed this post?

Don’t know. Lemme check.

Still, I am convinced it was from China. I did more reading and saw requests from vulnerability software from China.

Could be true as well. But, don’t you have a 429 page?

Cloudflare handles all of that.

That looks like way more than enough to trigger that. He/She is sending one every second so that is a big issue.

1 Like

Looks like someone is not happy with your website running fine! I remember reading about a lot of requests coming from China to a Discourse forum on Discourse Meta a month ago.

oh lol I thought you were looking at me for a sec, i just read your robots.txt and enjoyed finding a gif of your dog
you should be very strict with who can access your admin panel, maybe block certain address ranges and prevent people outside the US from accessing, which might be hard since it involves geoip and people can use a VPN. There are also databases of VPN and datacenter IPs so you can use those to prevent VPNs and proxies.

Where’d you see robots.txt?

they do according to my friend idk why though

Personally, I block all requests from countries I am not in. So I set a rule to block requests that are not from the US.

I think someone is accessing some servers. I have some really weird requests in my terminal commands. I see some stuff that not even I would use. image
I did use that as a key at some point, but decided not to. This is a public API so you can use it if you want. I don’t care. But what is important is that this was from inside the project. And I got similar requests to the project. So either someone inside of Glitch is tampering with projects, or someone just got access to some projects. I also noticed that they tried to locate a json.sqlite file.

What does PSA mean?

public service announcement

2 Likes

Ok wow just went on a crazy rabbit hole after seeing something in my access logs, will do a video tomorrow.

1 Like

I have a comment, but I’m choosing not to release it