I set up a server in the cloud (EC2) that hosts all of my WordPress sites.
I noticed today that the site was being hit by hackers.
109.87.118.222 -- 16/Oct/2013:13:10:31 -0400 "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
5.15.198.184 - 16/Oct/2013:13:10:31 -0400 "POST /wp-login.php HTTP/1.0" 200 3926 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
42.116.170.247 - 16/Oct/2013:13:10:32 -0400 "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
93.78.138.185 - 16/Oct/2013:13:10:33 -0400 "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
2.95.13.35 - 16/Oct/2013:13:10:33 -0400 "POST /wp-login.php HTTP/1.0" 200 3940 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
93.80.123.137 - 16/Oct/2013:13:10:34 -0400 "POST /wp-login.php HTTP/1.0" 200 3940 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
79.181.39.227 - 16/Oct/2013:13:10:34 -0400 "POST /wp-login.php HTTP/1.0" 200 3933 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
I think I have dealt with this attack by adding a login lockdown that captures the IP addresses.
But I also found a bunch of these in there.
157.56.92.164 - 16/Oct/2013:09:57:12 -0400 "GET /search.php/?q= /search.php/?ht=1&q=address+label+coupon+codes +富兰克林+理发&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:13 -0400 "GET HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:13 -0400 "GET /search.php/?q=Martell+Gay+Bryce&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:14 -0400 "GET /search.php/?ht=1&=蒙特雷+时尚+外套 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:14 -0400 "GET /search.php/?ht=1&q=SUPERPREP+ELITE+semi+pro+team HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:15 -0400 "GET /search.php/?ht=1&q=rines+para+para+cheroki/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - 16/Oct/2013:09:57:15 -0400 "GET http://www.bing.com/bingbot.htm HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
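What are these?
Posted on 2013-10-17 19:02:41
I ran into these as well; they actually managed to take down our web server. It appears to be a botnet brute-force password attack that has been targeting WordPress sites since April, though it seems to have picked up again recently. I added the following to our .htaccess file, which seems to have done the trick (obviously, you will need to change the domain and IP addresses (individual or ranges) for your own use):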
# BEGIN DDoS block
# Blocks "example.com/wp-login.php" referer without https?://
# And blocks all non-company addresses from wp-login.php
RewriteCond %{HTTP_REFERER} ^example\.com/wp-login\.php$
RewriteRule .* - [F]
<Files ~ "^wp-login.php">
<Limit POST>
deny from all
Allow from XXX.XXX.XXX.XXX
</Limit>
</Files>
<FilesMatch "^wp-login.php$">
Order Deny,Allow
Allow from XXX.XXX.XXX.XXX
Deny from all
</FilesMatch>
https://stackoverflow.com/questions/19409673
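
In the first log excerpt every address posts to wp-login.php only once while all of them send the same User-Agent, so counting failures per IP sees very little. The following detection sketch is an added example, not code from the question or the answer: it groups login POSTs by User-Agent and reports any User-Agent used by many distinct addresses within a short window. The sample lines are constructed (documentation IP ranges, example.com) in the field order of the excerpt, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BOT_UA = "Mozilla/5.0 (Windows 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
REF = "http://example.com/wp-login.php"
# Constructed sample lines (not real traffic), same field order as the excerpt.
SAMPLE_LOG = [
    f'203.0.113.10 - 16/Oct/2013:13:10:31 -0400 "POST /wp-login.php HTTP/1.0" 200 3954 "{REF}" "{BOT_UA}"',
    f'198.51.100.7 - 16/Oct/2013:13:10:31 -0400 "POST /wp-login.php HTTP/1.0" 200 3926 "{REF}" "{BOT_UA}"',
    f'203.0.113.45 - 16/Oct/2013:13:10:32 -0400 "POST /wp-login.php HTTP/1.0" 200 3954 "{REF}" "{BOT_UA}"',
    f'198.51.100.23 - 16/Oct/2013:13:10:33 -0400 "POST /wp-login.php HTTP/1.0" 200 3940 "{REF}" "{BOT_UA}"',
    f'203.0.113.99 - 16/Oct/2013:13:10:34 -0400 "POST /wp-login.php HTTP/1.0" 200 3933 "{REF}" "{BOT_UA}"',
    '192.0.2.50 - 16/Oct/2013:09:57:12 -0400 "GET /search.php/?ht=1&q=sample+query HTTP/1.1" 200 11475 "-" '
    '"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    f'192.0.2.8 - 16/Oct/2013:13:40:00 -0400 "POST /wp-login.php HTTP/1.1" 302 20 "{REF}" "Mozilla/5.0 (X11; Linux x86_64)"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) [- ]+(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def parse(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def distributed_login_bursts(lines, window=timedelta(seconds=10), min_ips=4):
    """Return [(user_agent, ips)] for each User-Agent that at least min_ips
    distinct addresses used to POST to /wp-login.php within one window."""
    by_ua = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].split("?")[0] == "/wp-login.php":
            by_ua[rec["ua"]].append((rec["ts"], rec["ip"]))
    alerts = []
    for ua, hits in by_ua.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):          # sliding time window over sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ips = {ip for _, ip in hits[start:end + 1]}
            best = max(best, ips, key=len)
        if len(best) >= min_ips:
            alerts.append((ua, sorted(best)))
    return alerts

if __name__ == "__main__":
    for ua, ips in distributed_login_bursts(SAMPLE_LOG):
        print(f"{len(ips)} addresses share UA {ua!r}: {', '.join(ips)}")
```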