Had an aggressive attack against a form page - person using Acutenix

6 posts by 5 authors in: Forums > CMS Builder
Last Post: October 18, 2019

By Codee - October 16, 2019

A client's form page (takes info/inserts into db) was aggressively attacked and I suspect they were able to get some information from the form submission...somehow. All 22,577 attempts (yes...22 thousand new database records added). Every single one of the order attempts had code, or just name, of "Acutenix"...which was in either the name or the company name fields. They tried different ways and means but all had the Acutenix tag somewhere in the record. I have seen, but never used or gone to their site (in case they are hackers) but the descriptions within the search engine results reveal an "Acutenix Vulnerability Scanner" to test your site. I can't help but wonder if their site accumulates targets by virtue of their software. I just don't know enough right now...other than at least part of their attempts succeeded because information was compromised.

Has anyone here had experience with a like attempt?

Thank you in advance.

Wow!

Thankfully, no experience with this.

Sorry to hear about the attack.

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

I have never experienced an attack by that company but I have seen other attacks of similar nature.

Do you use any form of CAPTCHA such as from Google?  If not, I suggest doing so.  That tends to cut down on the Spam.

You could also edit the form code to limit the number of submissions by WAN IP; however, true hackers will be able to spoof their IP or use compromised computers to hit your form.

You could adjust your submission code to check to see if the same or similar values are being entered into the fields before actually passing to the database.  In my experience the robot tends to paste the same value into most of the form fields.

Hey Chris, 

If you need it, there are a number of recipes on how to implement Google's Captcha in my CMSB Cookbook. http://www.thecmsbcookbook.com

Hope it helps.

Jerry Kornbluth


By Dave - October 18, 2019

Hi equinox, 

We've had mass submissions by Acutenix scanners before (and many others).  It's a scanner used to detect vulnerabilities.   Unfortunately, it's just the nature of being on the internet.

Some possible fixes for the future: 

  • You can use the Developer Console plugin to execute a MySQL query that removes all records containing Acutenix (or the IP used to submit requests)
  • You can block the submitting IP in your .htaccess file.
  • You can add a couple of lines of code to return a 404 error for any requests that contain "Acutenix"

It's annoying and frustrating, but an ongoing battle.  We get ongoing spammers trying to sign up to our forum and started using Google Captcha and an IP-based reputation scoring service to help filter them out.

Let me know if you have any other questions.

Dave Edis - Senior Developer
interactivetools.com
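
The pre-insert checks suggested in this thread (a 404 for requests containing the scanner's marker, rejecting submissions that paste one value into most fields, and a per-IP submission limit), combined into one screening function as an added PHP example; it is not code from any poster or from CMS Builder. The function name, status codes other than 404, thresholds, and the in-memory hit store are assumptions.

```php
<?php
// Added example, not CMS Builder code. Names and thresholds are assumptions.
const BLOCKED_MARKERS = ['acutenix'];  // marker string as reported in this thread
const MAX_PER_WINDOW  = 5;             // assumed limit: submissions per IP per window
const WINDOW_SECONDS  = 600;           // assumed window length

/**
 * Returns an HTTP status to reject with, or null if the record may be inserted.
 * $hits maps IP => list of timestamps; persist it (DB table, APCu) in real use.
 */
function screen_submission(array $fields, string $ip, array &$hits, int $now): ?int
{
    $values = [];
    foreach ($fields as $v) {
        if (!is_scalar($v)) { return 400; }   // array-valued params: not a real form post
        $v = strtolower(trim((string) $v));
        if ($v !== '') { $values[] = $v; }
    }
    // 1. Scanner marker anywhere in any field: answer 404.
    foreach ($values as $v) {
        foreach (BLOCKED_MARKERS as $marker) {
            if (strpos($v, $marker) !== false) { return 404; }
        }
    }
    // 2. Same value pasted into most fields (3+ filled fields, over half identical).
    if (count($values) >= 3 && max(array_count_values($values)) / count($values) > 0.5) {
        return 422;
    }
    // 3. Per-IP limit over a sliding window.
    $recent = array_filter($hits[$ip] ?? [], function ($t) use ($now) {
        return $t > $now - WINDOW_SECONDS;
    });
    if (count($recent) >= MAX_PER_WINDOW) { return 429; }
    $recent[] = $now;
    $hits[$ip] = array_values($recent);
    return null;
}

// Constructed sample submissions (IP is from the 203.0.113.0/24 documentation range).
$hits = [];
$samples = [
    ['name' => 'Jane Doe', 'company' => 'Example Ltd', 'email' => 'jane@example.com'],
    ['name' => 'x', 'company' => 'Acutenix', 'email' => 'a@example.com'],
    ['name' => 'test1', 'company' => 'test1', 'email' => 'test1'],
];
foreach ($samples as $i => $fields) {
    $status = screen_submission($fields, '203.0.113.7', $hits, 1571400000 + $i);
    echo $i, ': ', $status ?? 'accept', PHP_EOL;
}
```

Call the function before the database insert and send the returned status with `http_response_code()` when it is not null.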