Question
For the past few hours, I've been getting multiple requests from various IPs to our website, occurring every second (maybe 4 or 5 requests per second). The website's usual traffic is about 3 to 5 requests per minute. The requests are very random, for example:
/gtalczp/197zbcylgxpoaj-26228e-dtmlnaibx/
/109/jxwhezsivr/10445_xwvpfdyzhea.cgi
/nouyaku.html
/index.php/43e3133-pmuwbfgoedakvxs/
/keyword_list/s_index=L
The site's indexing in Google is now all in Japanese characters and messed up.
I have tried blocking IPs (via .htaccess) that make all these random requests, but every time a new IP is making a new request. How can I stop all of these requests? Can I use an .htaccess rule that allows only the links that are available in the site?
EDIT: Our site is running the latest version of WordPress, with custom-built features. If this was some kind of hack, how can I find the infected files/database tables?
EDIT 2: These look like legit Google bots, but why are they trying to access these random links which don't exist...
Answer 1:
This traffic is coming from automated security scanners. They scan blocks of IP ranges used by AWS, Digital Ocean etc., looking for known security bugs on the web server.
Can you stop it? Sort of.
One quick way to catch the low-hanging fruit is to put a /password.txt on the root of the webserver. Every scanner on this planet will scan for that. Block any IP that accesses it. You can use Fail2Ban for this.
You can also rate limit access to your webserver. If a client is scanning pages very quickly, it's likely a scanner, in which case ban the IP. But it could also be a search engine spider etc., in which case this will likely hurt your SEO.
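The two checks this answer describes (ban on a hit to the decoy file, ban on a burst of requests), sketched over Apache combined-format log lines as an added example that is not part of the original answer. The thresholds, the `analyze` and `_line` names and the sample lines are assumptions; a client whose user agent claims to be a crawler is held for verification rather than banned, because that header can be forged and banning a real spider costs SEO.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

HONEYPOT = "/password.txt"   # decoy path from the answer; nothing legitimate links to it
MAX_REQ, WINDOW = 5, 1.0     # assumed threshold: more than 5 requests within 1 second

# Apache "combined" format: IP, timestamp, request line, status, size, referer, user agent
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def analyze(lines):
    """Return (ban, review): IPs to block now, and IPs needing a crawler check first."""
    ban, review = {}, {}
    recent = defaultdict(deque)          # ip -> timestamps inside the sliding window
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                     # skip malformed lines rather than guess
        ip, ts, path, agent = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if path.split("?")[0] == HONEYPOT:
            ban[ip] = "honeypot"         # a single hit on the decoy is enough
            review.pop(ip, None)
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:      # drop timestamps that left the window
            q.popleft()
        if len(q) > MAX_REQ and ip not in ban:
            # The user agent is only a claim: a self-declared crawler is not
            # trusted, it is held back for reverse-DNS verification.
            target = review if "bot" in agent.lower() else ban
            target[ip] = "rate"
    return ban, review

def _line(ip, sec, path, agent="Mozilla/5.0"):
    return f'{ip} - - [16/Jul/2019:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 404 512 "-" "{agent}"'

# Constructed sample traffic (documentation-range IPs), not real log data
SAMPLE = (
    [_line("192.0.2.10", 1, "/password.txt")]
    + [_line("198.51.100.7", 2, f"/x{i}.cgi") for i in range(8)]
    + [_line("203.0.113.5", 3, "/nouyaku.html", "Mozilla/5.0 (compatible; Googlebot/2.1)") for _ in range(8)]
    + [_line("192.0.2.99", s, "/") for s in (1, 20, 40)]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

IPs in the review set should be confirmed as real crawlers by reverse and forward DNS lookup before any decision to block them.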
Answer 2:
Requests for slugs containing Japanese keywords like nouyaku, together with Google indexing of pages in Japanese, might well indicate the Japanese Keyword Hack. This Google article provides an explanation and some generic general fixes and preventive measures: https://developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack
Fixing WordPress hacks is already covered elsewhere: you will find numerous questions and answers about this on Stack Overflow or via Google.
.htaccess: Google's article advises replacing your .htaccess. A useful start would be adding and tweaking either Jeff Starr's 6G "Firewall" or 7G (beta) code.
The rate of requests is DDoS-like, so it makes sense to cater for this at the same time (e.g. mod_evasive, Fail2ban, and modsecurity); google "protecting Apache from DDoS attacks".
DDoS, brute force and WordPress: stopping dodgy requests before PHP/WordPress code/SQL is run will massively reduce server load. If there is no need for the public to log in to WordPress, then use .htaccess to password protect wp-login and also maybe the wp-admin folder (may cause problems on some sites).
Source: https://stackoverflow.com/questions/57067552/stop-multiple-web-requests-web-security