The biggest part of website hosting and maintenance involves warding off hackers. They are out there, all day, every day, everywhere. Much like search engine bots, hackers can scan the entire internet searching for vulnerabilities. If they scan enough websites they will find one with a default admin password, or any number of other potential website vulnerabilities.
Fundamental to Drupal Website Security
- Stay up to date on Drupal module security updates. Apply new security updates as soon as possible.
- The Drupal Security Review module identifies other vulnerabilities such as file permissions and other settings.
- Change admin and database passwords on a regular basis.
- Configure and test file system and database backups.
- Review and, when necessary, block "Abnormal Visits".
Block Abnormal Visits
The Drupal Statistics module provides a list of the top website visitors, and a high number of hits from a single IP address can indicate hacking activity.
Any suspicious IP can be checked against http://iplocation.net to obtain information about who owns the IP and where it is located.
When an IP from China makes dozens of visits to a small website which sells cabinets or construction or bowling, it is probably a hacker. Certainly it is not a legitimate potential customer. On the other hand, a Comcast IP located in Oregon is probably legit.
Of course it isn't always obvious. Smarter hackers with more resources can (and often do) obtain IP addresses and computer servers (by purchase or hacking) from which to launch attacks. While over half of the IPs on my "Bad List" originate from China, ~16% originate from the USA, followed by the UK, Ukraine, Germany, France, Russia, Holland.
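The same "top visitors" review can be run against the web server's access log. The script below is an added example, not part of the Statistics module or the original page; it assumes Apache/Nginx combined log format, and the `min_hits` threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: client IP first, status code after the quoted request.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def _line(ip, path, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample traffic using documentation IP ranges (not real visitors).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/node/{i}", 404) for i in range(12)]
    + [_line("198.51.100.20", "/", 200),
       _line("198.51.100.20", "/products", 200)]
    + [_line("192.0.2.33", "/contact", 200)]
    + ["garbage line that is not a log entry"]
)


def top_visitors(log_text, min_hits=5):
    """Return [(ip, hits, error_hits)] for IPs with >= min_hits requests.

    Busiest IPs come first. error_hits counts 4xx/5xx responses, which helps
    separate a heavy but normal visitor from one probing for missing pages.
    Malformed lines are skipped rather than aborting the review.
    """
    hits, errors = Counter(), Counter()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        ip, status = match.group(1), int(match.group(2))
        hits[ip] += 1
        if status >= 400:
            errors[ip] += 1
    return [(ip, n, errors[ip]) for ip, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, n, err in top_visitors(SAMPLE_LOG):
        print(f"{ip}: {n} hits, {err} error responses -> review before blocking")
```

A high count only nominates an IP for the ownership and location check described above; it does not by itself justify a block.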