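Httpd access log shows strange bingbot

Time: 2013-10-16 17:17:13

Tags: wordpress access-log bingbot

I set up a server in the cloud (EC2) that hosts all of my WordPress sites.

I noticed today that the site was under attack from hackers..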

109.87.118.222 - - [16/Oct/2013:13:10:31 -0400] "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
5.15.198.184 - - [16/Oct/2013:13:10:31 -0400] "POST /wp-login.php HTTP/1.0" 200 3926 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
42.116.170.247 - - [16/Oct/2013:13:10:32 -0400] "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
93.78.138.185 - - [16/Oct/2013:13:10:33 -0400] "POST /wp-login.php HTTP/1.0" 200 3954 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
2.95.13.35 - - [16/Oct/2013:13:10:33 -0400] "POST /wp-login.php HTTP/1.0" 200 3940 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
93.80.123.137 - - [16/Oct/2013:13:10:34 -0400] "POST /wp-login.php HTTP/1.0" 200 3940 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
79.181.39.227 - - [16/Oct/2013:13:10:34 -0400] "POST /wp-login.php HTTP/1.0" 200 3933 "http://smartmoneystrategies.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

I think I fixed the attack by adding a login lockout to catch the IP addresses.

But I also found a whole bunch of these in there...

157.56.92.164 - - [16/Oct/2013:09:57:12 -0400] "GET /search.php/?q=bethanny+franklin+haircut&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:13 -0400] "GET /search.php/?ht=1&q=address+label+coupon+codes HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:13 -0400] "GET /search.php/?q=Martell+Gay+Bryce&ht=1 HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:14 -0400] "GET /search.php/?ht=1&q=monterey+fashions+coat HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:14 -0400] "GET /search.php/?ht=1&q=SUPERPREP+ELITE+semi+pro+team HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:15 -0400] "GET /search.php/?ht=1&q=rines+para+jeep+cheroki HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.56.92.164 - - [16/Oct/2013:09:57:15 -0400] "GET /search.php/?ht=1&q=outdoor+pro+staff+opportunity HTTP/1.1" 200 11475 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

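What are these?

1 answer:

Answer 0: (score: 1)

We ran into these too, and they actually managed to take down our web server. It appears to be a botnet brute-force password attack that has been targeting WordPress sites since April, although it seems to have picked up again recently. I added the following to my .htaccess file, which seems to have done the trick (obviously you will need to change the domain name and the IP address, single or range, to your own):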

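# BEGIN DDoS block
# Blocks "example.com/wp-login.php" referer without https?://
# And blocks all non-company addresses from wp-login.php
# RewriteCond/RewriteRule need the rewrite engine on (harmless if already enabled)
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^example\.com/wp-login\.php$
RewriteRule .* - [F]

# Deny POSTs to wp-login.php except from the allowed address
<Files ~ "^wp-login\.php">
<Limit POST>
    Order Deny,Allow
    Deny from all
    Allow from XXX.XXX.XXX.XXX
</Limit>
</Files>

# Deny every request method to wp-login.php except from the allowed address
<FilesMatch "^wp-login\.php$">
    Order Deny,Allow
    Allow from XXX.XXX.XXX.XXX
    Deny from all
</FilesMatch>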
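
A detection sketch for the pattern in the question's first log excerpt (many source addresses POSTing to /wp-login.php with one identical User-Agent within seconds), added here and not part of the original question or answer. It assumes Apache's combined log format; the function names, the 60-second window, the 5-address threshold and the sample lines (documentation address ranges, example.com) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

def parse(line):
    """Return a dict of fields, or None for a line that is not combined-format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def distributed_login_bursts(lines, window=timedelta(seconds=60), min_ips=5):
    """Per User-Agent, find the densest window of wp-login.php POSTs and report
    (ua, window_start, distinct_ips, posts) when distinct_ips >= min_ips."""
    by_ua = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].split("?")[0] == "/wp-login.php":
            by_ua[rec["ua"]].append((rec["ts"], rec["ip"]))
    findings = []
    for ua, hits in by_ua.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            ips = {ip for _, ip in hits[start:end + 1]}
            if best is None or len(ips) > best[2]:
                best = (ua, hits[start][0], len(ips), end - start + 1)
        if best and best[2] >= min_ips:
            findings.append(best)
    return findings

# Constructed sample: 7 addresses sharing one User-Agent, plus one ordinary login.
UA = "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
SAMPLE = [
    f'203.0.113.{i} - - [16/Oct/2013:13:10:{30 + i:02d} -0400] "POST /wp-login.php '
    f'HTTP/1.0" 200 3954 "http://example.com/wp-login.php" "{UA}"' for i in range(1, 8)
] + [
    '198.51.100.7 - - [16/Oct/2013:13:11:02 -0400] "POST /wp-login.php HTTP/1.1" '
    '302 0 "http://example.com/wp-login.php" "ExampleBrowser/1.0"',
    '198.51.100.7 - - [16/Oct/2013:13:11:05 -0400] "GET /wp-admin/ HTTP/1.1" '
    '200 5120 "-" "ExampleBrowser/1.0"',
]

if __name__ == "__main__":
    for ua, start, ips, posts in distributed_login_bursts(SAMPLE):
        print(f"{start.isoformat()} {ips} IPs / {posts} POSTs, UA={ua}")
```

Because each address sends only one or two requests, a per-IP lockout alone sees little; grouping by User-Agent and target path is what exposes the burst.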