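WordPress GET requests ending in .jp

How to deal with WordPress GET requests ending in .jp

All,

Recently, my AWS-hosted Bitnami WordPress server has been hanging for no apparent reason after running for a while. After some investigation, I found a lot of GET requests with a .jp extension (see the access_log entries below), which eventually bog down the web server. At first I thought they were bot crawlers, but setting robots.txt to deny all agents did not help. So I concluded that the site had been hacked.

I was able to clean the infected index.php, ran some scans, and removed other suspicious backdoor files.

However, I am still getting these requests. I have to get a third-party WAF, but has anyone run into this before? Are there any other solutions? I was thinking about blocking all the IPs that make these requests.

Also, does anyone know why the HTTP codes are all over the place? 200, 301, 302, 404, 504? I am wondering if someone can help me come up with a way to redirect all GET requests ending in .jp or _jp to a 404, so that these bots might stop requesting?

Thanks in advance for any help or hints.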

66.249.79.247 - - [06/Oct/2020:08:06:15 +0000] "GET /83748051432533944698/2g1g4m.jp HTTP/1.1" 504 247
40.77.167.83 - - [06/Oct/2020:08:57:28 +0000] "GET /index.php?121341211630390379/ozduc149wi.jp HTTP/1.1" 302 254
40.77.167.183 - - [06/Oct/2020:10:20:46 +0000] "GET /?66941470973990256853%2Fygexu02m_jp HTTP/1.1" 200 22990
40.77.167.219 - - [06/Oct/2020:10:21:52 +0000] "GET /?335876841749628794271%2Fv4fvtr_jp HTTP/1.1" 200 22675
40.77.167.245 - - [06/Oct/2020:10:22:25 +0000] "GET /?5053828928712378990978%2F74sio14id_jp HTTP/1.1" 200 22676
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 302 246
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 301 -
40.77.167.245 - - [06/Oct/2020:10:24:50 +0000] "GET /?5246670320607303%2Fp4co_jp HTTP/1.1" 200 22676
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /index.php?367810711062240/zr357r0.jp HTTP/1.1" 302 248
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /index.php?367810711062240/zr357r0.jp HTTP/1.1" 301 -
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /?367810711062240%2Fzr357r0_jp HTTP/1.1" 200 22990
157.55.39.103 - - [06/Oct/2020:10:26:41 +0000] "GET /index.php?1222174486979040544575/y19ql.jp HTTP/1.1" 302 253
157.55.39.103 - - [06/Oct/2020:10:26:43 +0000] "GET /index.php?1222174486979040544575/y19ql.jp HTTP/1.1" 301 -
157.55.39.50 - - [06/Oct/2020:10:27:06 +0000] "GET /index.php?8674473905474605/lqcdqx9zz2y.jp HTTP/1.1" 302 253
157.55.39.50 - - [06/Oct/2020:10:27:06 +0000] "GET /index.php?8674473905474605/lqcdqx9zz2y.jp HTTP/1.1" 301 -
157.55.39.209 - - [06/Oct/2020:10:27:41 +0000] "GET /index.php?64913653844771116387/g5c0q8vl.jp HTTP/1.1" 302 254
157.55.39.209 - - [06/Oct/2020:10:27:41 +0000] "GET /index.php?64913653844771116387/g5c0q8vl.jp HTTP/1.1" 301 -
40.77.167.219 - - [06/Oct/2020:10:28:52 +0000] "GET /?985985155848573994033%2Fvam8yt3l_jp HTTP/1.1" 200 22922
40.77.167.64 - - [06/Oct/2020:10:29:19 +0000] "GET /?8674473905474605%2Flqcdqx9zz2y_jp HTTP/1.1" 200 23011
40.77.167.245 - - [06/Oct/2020:10:30:40 +0000] "GET /?20975465453133912%2Ffkriq05y4pz939wb0z_jp HTTP/1.1" 200 22889
40.77.167.183 - - [06/Oct/2020:10:31:03 +0000] "GET /?66941470973990256853%2Fygexu02m_jp HTTP/1.1" 200 23465
157.55.39.213 - - [06/Oct/2020:10:31:19 +0000] "GET /index.php?62611248134308629/jrsq9actoq.jp HTTP/1.1" 302 253
157.55.39.213 - - [06/Oct/2020:10:31:19 +0000] "GET /index.php?62611248134308629/jrsq9actoq.jp HTTP/1.1" 301 -
60.119.45.85 - - [06/Oct/2020:10:36:51 +0000] "GET /351822957117038374615884/t24f4pmzp5jo31ugjiykxf.jp HTTP/1.1" 404 52183
40.77.167.68 - - [06/Oct/2020:10:37:55 +0000] "GET /index.php?998625841380936277/uv4e.jp HTTP/1.1" 302 248
40.77.167.68 - - [06/Oct/2020:10:37:55 +0000] "GET /index.php?998625841380936277/uv4e.jp HTTP/1.1" 301 -
160.86.119.68 - - [06/Oct/2020:10:38:58 +0000] "GET /index.php?1040743082542785423/uxliq.jp HTTP/1.1" 302 250
160.86.119.68 - - [06/Oct/2020:10:38:58 +0000] "GET /index.php?1040743082542785423/uxliq.jp HTTP/1.1" 301 -
160.86.119.68 - - [06/Oct/2020:10:38:59 +0000] "GET /?1040743082542785423%2Fuxliq_jp HTTP/1.1" 200 24949
207.46.13.84 - - [06/Oct/2020:10:40:09 +0000] "GET /index.php?6272534263242610512/gx40o573.jp HTTP/1.1" 302 253
207.46.13.84 - - [06/Oct/2020:10:40:09 +0000] "GET /index.php?6272534263242610512/gx40o573.jp HTTP/1.1" 301 -
40.77.167.251 - - [06/Oct/2020:10:43:47 +0000] "GET /?62611248134308629%2Fjrsq9actoq_jp HTTP/1.1" 200 22644
40.77.167.219 - - [06/Oct/2020:10:44:04 +0000] "GET /?64913653844771116387%2Fg5c0q8vl_jp HTTP/1.1" 200 22648
216.218.191.195 - - [06/Oct/2020:10:44:31 +0000] "GET /86401079123078/mahvgj7zmmvqt5rg1y.jp HTTP/1.1" 302 248
216.218.191.195 - - [06/Oct/2020:10:44:31 +0000] "GET /86401079123078/mahvgj7zmmvqt5rg1y.jp HTTP/1.1" 404 52183
157.55.39.209 - - [06/Oct/2020:10:44:49 +0000] "GET /index.php?522295860887671235/ue41aslsxb8f9.jp HTTP/1.1" 302 257
157.55.39.209 - - [06/Oct/2020:10:44:49 +0000] "GET /index.php?522295860887671235/ue41aslsxb8f9.jp HTTP/1.1" 301 -
157.55.39.50 - - [06/Oct/2020:10:45:54 +0000] "GET /index.php?7672859189865264240851/d3w6hbrfwbsuz.jp HTTP/1.1" 302 261
157.55.39.209 - - [06/Oct/2020:10:46:40 +0000] "GET /index.php?4177680566672762/1j4pxzjn1.jp HTTP/1.1" 302 251
157.55.39.209 - - [06/Oct/2020:10:48:33 +0000] "GET /index.php?5998326392260385/klxz4unlpouwi.jp HTTP/1.1" 302 255
157.55.39.209 - - [06/Oct/2020:10:44:57 +0000] "GET /?522295860887671235%2Fue41aslsxb8f9_jp HTTP/1.1" 504 247
157.55.39.50 - - [06/Oct/2020:10:46:00 +0000] "GET /index.php?7672859189865264240851/d3w6hbrfwbsuz.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:51:14 +0000] "GET /index.php?701700696437681277/imwxg0efr.jp HTTP/1.1" 302 253
157.55.39.209 - - [06/Oct/2020:10:46:41 +0000] "GET /index.php?4177680566672762/1j4pxzjn1.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:53:16 +0000] "GET /index.php?7207060055007006126291310/gcce.jp HTTP/1.1" 302 255
157.55.39.209 - - [06/Oct/2020:10:48:33 +0000] "GET /index.php?5998326392260385/klxz4unlpouwi.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:54:41 +0000] "GET /index.php?654708820234823301441/wc0bm.jp HTTP/1.1" 302 252
207.46.13.84 - - [06/Oct/2020:10:51:15 +0000] "GET /index.php?701700696437681277/imwxg0efr.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:53:17 +0000] "GET /index.php?7207060055007006126291310/gcce.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:10:58:28 +0000] "GET /index.php?61826285510577814517/f61re78p1f41w.jp HTTP/1.1" 302 259
157.55.39.59 - - [06/Oct/2020:10:59:35 +0000] "GET /index.php?84156456634603/i2c2hj4je.jp HTTP/1.1" 302 249
207.46.13.84 - - [06/Oct/2020:10:54:41 +0000] "GET /index.php?654708820234823301441/wc0bm.jp HTTP/1.1" 504 247
40.77.167.245 - - [06/Oct/2020:10:57:37 +0000] "GET /?1222174486979040544575%2Fy19ql_jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:10:58:28 +0000] "GET /index.php?61826285510577814517/f61re78p1f41w.jp HTTP/1.1" 504 247
157.55.39.59 - - [06/Oct/2020:10:59:40 +0000] "GET /index.php?84156456634603/i2c2hj4je.jp HTTP/1.1" 504 247
157.55.39.59 - - [06/Oct/2020:11:12:26 +0000] "GET /index.php?2862654978784673781/4sw4j9.jp HTTP/1.1" 302 251
157.55.39.198 - - [06/Oct/2020:11:12:26 +0000] "GET /index.php?5046999766427223019/wi37all3y0d.jp HTTP/1.1" 302 256
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6905444501961800880491/e2ob.jp HTTP/1.1" 302 252
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6188133617927057745629/w88c2.jp HTTP/1.1" 302 253
157.55.39.50 - - [06/Oct/2020:11:18:24 +0000] "GET /index.php?496957380189926301011/8dnd8.jp HTTP/1.1" 302 252
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6188133617927057745629/w88c2.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:11:22:37 +0000] "GET /index.php?526083220810691818/54ufa.jp HTTP/1.1" 302 249
157.55.39.50 - - [06/Oct/2020:11:18:25 +0000] "GET /index.php?496957380189926301011/8dnd8.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:11:22:46 +0000] "GET /index.php?526083220810691818/54ufa.jp HTTP/1.1" 504 247
40.77.167.83 - - [06/Oct/2020:11:38:26 +0000] "GET /index.php?8292959145475478787/gsf1j.jp HTTP/1.1" 302 250
192.88.134.20 - - [06/Oct/2020:12:40:49 +0000] "GET /index.php?2145570128640089606630/0mk28y.jp HTTP/1.1" 301 -
185.93.231.20 - - [06/Oct/2020:13:00:37 +0000] "GET /3578256589223773089/z2gnr9ur75qoa21gzxh3.jp HTTP/1.1" 404 52240
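
One way to triage an access log like the one above before deciding what to block, as an added example that is not part of the original post: it matches the two URL shapes visible in the log (`<digits>/<token>.jp` and the `%2F`-encoded `<digits>/<token>_jp` form) and tallies the hits by status code and client address. The regular expressions, function names and the last two sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Shape seen in the post: long digit run, "/", random token, then ".jp" or "_jp"
SPAM_RE = re.compile(r'[/?]\d{10,}/[0-9a-z]+[._]jp$', re.IGNORECASE)

# Five lines copied from the log above, plus two constructed lines (marked)
SAMPLE = [
    '66.249.79.247 - - [06/Oct/2020:08:06:15 +0000] "GET /83748051432533944698/2g1g4m.jp HTTP/1.1" 504 247',
    '207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 302 246',
    '207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 301 -',
    '40.77.167.245 - - [06/Oct/2020:10:24:50 +0000] "GET /?5246670320607303%2Fp4co_jp HTTP/1.1" 200 22676',
    '60.119.45.85 - - [06/Oct/2020:10:36:51 +0000] "GET /351822957117038374615884/t24f4pmzp5jo31ugjiykxf.jp HTTP/1.1" 404 52183',
    # constructed: an ordinary request that must not be counted
    '203.0.113.10 - - [06/Oct/2020:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120',
    # constructed: a truncated line that must be skipped, not crash the parser
    '203.0.113.10 - - [06/Oct/2020:10:00:01 +0000] "GET /',
]

def is_spam_target(target):
    # Decode %2F first so the encoded and plain shapes share one pattern
    return bool(SPAM_RE.search(unquote(target)))

def summarize(lines):
    """Return (hits per status, hits per client IP, unparseable line count)."""
    by_status, by_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1
            continue
        if m["method"] == "GET" and is_spam_target(m["target"]):
            by_status[m["status"]] += 1
            by_ip[m["ip"]] += 1
    return by_status, by_ip, skipped

if __name__ == "__main__":
    statuses, clients, skipped = summarize(SAMPLE)
    print("by status:", dict(statuses))
    print("top clients:", clients.most_common(3))
    print("unparseable lines:", skipped)
```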
