0

我在云(ec2)中设置了一个服务器,托管了我所有的 WordPress 网站。

我今天注意到该网站遭到黑客攻击..

109.87.118.222 - - [16/Oct/2013:13:10:31 -0400] "POST /wp-login.php HTTP/1.0" 200 3954 " http://smartmoneystrategies.net/wp-login.php " " Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 5.15.198.184 - - [16/Oct/2013:13:10:31 -0400] "POST /wp-login.php HTTP/1.0 " 200 3926 " http://smartmoneystrategies.net/wp-login.php " "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 42.116.170.247 - - [16/Oct/2013: 13:10:32 -0400] "POST /wp-login.php HTTP/1.0" 200 3954 " http://smartmoneystrategies.net/wp-login.php " "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 93.78.138.185 - - [16/Oct/2013:13:10:33 -0400] "POST /wp-login.php HTTP/1.0"200 3954" http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 2.95.13.35 - - [16/Oct/2013:13:10:33 -0400] "POST /wp-login.php HTTP /1.0" 200 3940 " http://smartmoneystrategies.net/wp-login.php " "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 93.80.123.137 - - [16/Oct/ 2013:13:10:34 -0400] "POST /wp-login.php HTTP/1.0" 200 3940 " http://smartmoneystrategies.net/wp-login.php " "Mozilla/5.0 (Windows NT 6.1; rv: 19.0) Gecko/20100101 Firefox/19.0" 79.181.39.227 - - [16/Oct/2013:13:10:34 -0400] "POST /wp-login.php HTTP/1.0" 200 3933 " http://smartmoneystrategies。 net/wp-login.php " "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

我想我通过添加登录锁定来捕获 IP 地址来修复攻击。

但我也在那里找到了一大堆这些......

157.56.92.164 - - [16/Oct/2013:09:57:12 -0400] "GET /search.php/?q=bethanny+franklin+haircut&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (兼容;bingbot/2.​​0;+ http://www.bing.com/bingbot.htm)”157.56.92.164 - - [16/Oct/2013:09:57:13 -0400] “GET /search.php/ ?ht=1&q=address+label+coupon+codes HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.​​0; + http://www.bing.com/bingbot.htm )" 157.56。 92.164 - - [16/Oct/2013:09:57:13 -0400] "GET /search.php/?q=Martell+Gay+Bryce&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (兼容; bingbot/2.​​0; + http://www.bing.com/bingbot.htm )" 157.56.92.164 - - [16/Oct/2013:09:57:14 -0400] "GET /search.php/?ht =1&q=monterey+fashions+coat HTTP/1.1" 200 11475"-" "Mozilla/5.0(兼容;bingbot/2.​​0;+http://www.bing.com/bingbot.htm )" 157.56.92.164 - - [16/Oct/2013:09:57:14 -0400] "GET /search.php/?ht=1&q=SUPERPREP+ELITE +semi+pro+team HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (兼容; bingbot/2.​​0; + http://www.bing.com/bingbot.htm )" 157.56.92.164 - - [16/ Oct/2013:09:57:15 -0400]“GET /search.php/?ht=1&q=rines+para+jeep+cheroki HTTP/1.1”200 11475“-”“Mozilla/5.0(兼容;bingbot/2.​​0 ; + http://www.bing.com/bingbot.htm )" 157.56.92.164 - - [16/Oct/2013:09:57:15 -0400] "GET /search.php/?ht=1&q=outdoor +pro+staff+opportunity HTTP/1.1" 200 11475 "-" "Mozilla/5.0(兼容;bingbot/2.​​0;+ http://www.bing.com/bingbot.htm)"

这些是什么?

4

1 回答 1

1

也遇到了这些问题,他们实际上成功地关闭了我们的网络服务器。似乎是自 4 月以来一直针对 WordPress 网站的僵尸网络暴力密码攻击,尽管它最近似乎又恢复了。我将以下内容添加到我们的 .htaccess 文件中,这似乎成功了(显然您需要更改域和 IP 地址(单个或范围供您自己使用):

# BEGIN DDoS block
# Blocks "example.com/wp-login.php" referer without https?://
# And blocks all non-company addresses from wp-login.php
RewriteCond %{HTTP_REFERER} ^example\.com/wp-login\.php$
RewriteRule .* - [F]

<Files ~ "^wp-login.php">
<Limit POST>
    deny from all
    Allow from XXX.XXX.XXX.XXX
</Limit>
</Files>

<FilesMatch "^wp-login.php$">
Order Deny,Allow
    Allow from XXX.XXX.XXX.XXX
    Deny from all
</FilesMatch>
于 2013-10-17T19:02:41.967 回答