This is everything that is not me logging into and using Mautic.
There's someone checking to see if I am running WordPress. What's worrying is that after that they try to log in using the right URLs for Mautic, and so do two other IP addresses.
There are a lot of site scanners out there, and while WP is the most likely attack target, there have been a few Mautic vulnerabilities, so it is only natural scanners are going to add those URLs to their tool kit. Best thing is to lock down access to Mautic login areas to fixed IPs via web server restrictions and possibly look at implementing fail2ban to block IPs. I've not looked at the Mautic logs to see if it logs failed logins for this to work. If not, then you would need another method to block IP access.
Hi, sorry for the delay, I'm not often in here any more. Locking down requires knowing how to deal with Apache access rules, such as blocking (or allowing) the various URL paths like /s/ and other ones. Ideally you would allow everything other than the login areas, and for those only allow access to specific IPs to stop anyone getting in. The same can be said of other platforms such as WordPress.
As far as emails and alerts, that is a whole other set of problems, like scanning web logs for example. As far as I know there are no off-the-shelf solutions for this. I've done my own thing for this, and it's unlikely how mine works is how anyone else would want it to work, so no chance it will be of use.
It's not a foolproof process; running servers that are exposed to the public Internet is a difficult thing at times. So many threats, and that requires some expertise or finding someone with it who can help.
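A minimal version of the web-log scanning mentioned in the thread, as an added example that is not code from any of the posters: it flags untrusted IPs that probe WordPress paths and also request the Mautic login area, or that POST to it repeatedly. The combined log format, the `/s/login` prefix, the WordPress paths, the threshold and the sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumptions (not from the thread): Apache combined log format, Mautic login
# URLs starting with /s/login, and the usual WordPress probe paths.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" ')
MAUTIC_LOGIN = ("/s/login",)
WP_PROBES = ("/wp-login.php", "/wp-admin", "/xmlrpc.php")

def normalise(path):
    """Drop the query string and a leading /index.php so both URL forms match."""
    path = path.split("?", 1)[0]
    return path[len("/index.php"):] if path.startswith("/index.php/") else path

def scan(lines, trusted_ips=(), post_threshold=3):
    """Return {ip: [reasons]} for untrusted IPs touching the Mautic login area."""
    stats = defaultdict(lambda: {"wp": 0, "login": 0, "posts": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in trusted_ips:
            continue  # unparseable line, or one of the admin's fixed IPs
        path, s = normalise(m["path"]), stats[m["ip"]]
        if path.startswith(WP_PROBES):
            s["wp"] += 1
        elif path.startswith(MAUTIC_LOGIN):
            s["login"] += 1
            s["posts"] += m["method"] == "POST"
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["wp"] and s["login"]:
            reasons.append("wordpress probe and mautic login")
        if s["posts"] >= post_threshold:
            reasons.append(f"{s['posts']} login POSTs")
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample lines using documentation IP ranges, not real traffic.
TAIL = ' 200 512 "-" "-"'
SAMPLE = [
    '203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1"' + TAIL,
    '203.0.113.7 - - [10/May/2024:10:00:03 +0000] "GET /index.php/s/login?x=1 HTTP/1.1"' + TAIL,
    '198.51.100.23 - - [10/May/2024:10:05:00 +0000] "POST /s/login_check HTTP/1.1"' + TAIL,
    '198.51.100.23 - - [10/May/2024:10:05:02 +0000] "POST /s/login_check HTTP/1.1"' + TAIL,
    '198.51.100.23 - - [10/May/2024:10:05:04 +0000] "POST /s/login_check HTTP/1.1"' + TAIL,
    '192.0.2.10 - - [10/May/2024:11:00:00 +0000] "POST /s/login_check HTTP/1.1"' + TAIL,
    '192.0.2.77 - - [10/May/2024:11:30:00 +0000] "GET / HTTP/1.1"' + TAIL,
]

if __name__ == "__main__":
    for ip, why in scan(SAMPLE, trusted_ips={"192.0.2.10"}).items():
        print(ip, "; ".join(why))
```

The flagged addresses can then be reviewed before being added to a web server deny rule or a fail2ban jail.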