  • Interesting. One of my sites with the Page Not Found Report widget shows me a number of attempts earlier today to access OSCommerce's 'forgot_password.php' file. It's coming from a shared hosting IP address in the US (Hosting Solutions International), using a computer with a Russian Windows and Firefox.
      Studying MODX in the desert - http://sottwell.com
      Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
      Join the Slack Community - http://modx.org
      It's my belief, though it's very difficult to test, that BotBlockX stops a lot of those kinds of things by simply blocking anyone who's hammering the site with many requests in a short time, though I suppose the smarter bots are cycling through a long list of sites so the requests on a given site are spaced out.

      I've also got a lot of specific files listed in .htaccess and toss anyone who's looking for them before they get to index.php.

      RewriteCond %{REQUEST_URI} reflect [NC,OR]
      RewriteCond %{QUERY_STRING} reflect [NC,OR]
      RewriteCond %{REQUEST_URI} ^\/scripts [NC,OR]
      RewriteCond %{REQUEST_URI} ^\/apps [NC,OR]
      RewriteCond %{REQUEST_URI} password_forgotten [NC,OR]
      RewriteCond %{REQUEST_URI} forgot_password [NC,OR]
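      # etc. (more conditions go here; the last RewriteCond before the RewriteRule must not carry the OR flag, or the rule matches every request)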
      RewriteRule .* - [F,L]


      I've also got a bunch of these:

      RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
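
The two defenses described in the post above can be checked offline against an access log. This is an added example, not part of either post and not BotBlockX's code: it applies the same URI and query-string patterns as the RewriteCond lines, plus a simple burst check. The function name `audit`, the burst threshold, the window and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Same patterns as the RewriteCond lines in the post; re.I mirrors the [NC] flag.
URI_DENY = [re.compile(p, re.I) for p in
            (r"reflect", r"^/scripts", r"^/apps", r"password_forgotten", r"forgot_password")]
QUERY_DENY = [re.compile(r"reflect", re.I)]

# Apache common/combined log format: client IP, timestamp, request target, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def audit(lines, burst=5, window=timedelta(seconds=10)):
    """Return ({ip: [probed targets]}, {ips with `burst` requests inside `window`}).

    burst and window are assumed values, not BotBlockX's real thresholds.
    """
    probes, times = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, target, _status = m.groups()
        path, _, query = target.partition("?")  # REQUEST_URI vs. QUERY_STRING
        if any(p.search(path) for p in URI_DENY) or any(p.search(query) for p in QUERY_DENY):
            probes[ip].append(target)
        times[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    bursts = set()
    for ip, stamps in times.items():
        stamps.sort()
        # Sliding window: any `burst` consecutive requests that fit inside `window`.
        if any(stamps[i + burst - 1] - stamps[i] <= window
               for i in range(len(stamps) - burst + 1)):
            bursts.add(ip)
    return dict(probes), bursts

# Constructed sample log lines using documentation-range IP addresses.
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2019:10:00:00 +0000] "GET /forgot_password.php HTTP/1.1" 404 512',
    '203.0.113.7 - - [01/Mar/2019:10:20:00 +0000] "GET /catalog/Password_Forgotten.php HTTP/1.1" 404 512',
    '192.0.2.4 - - [01/Mar/2019:10:21:00 +0000] "GET /index.php?id=2 HTTP/1.1" 200 4096',
] + ['198.51.100.9 - - [01/Mar/2019:10:30:0%d +0000] "GET /index.php?id=%d HTTP/1.1" 200 4096' % (s, s)
     for s in range(5)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, the slow prober is caught only by the path patterns and the fast client only by the burst check, which is why the post uses both.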