Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
tuttofatto2018-04-11 02:01:35
Bots
tuttofatto, 2018-04-11 02:01:35

Bots are breaking into the site on WordPress, can you help with advice?

Connoisseurs. Help out.
There is a WordPress site. Visitors dropped sharply, sometimes a 502 error occurs or the database is unavailable, but there are no log overloads. I learned from the hoster that there are multiple requests to the site. I started looking at the magazine. Every minute 60-70 requests per second from different IP addresses of this plan
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp-content/plugins/...... ....
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp-content/themes/........
148.251.23.119 - - [11/Apr /2018:01:53:17 +0300] "GET /wp-content/plugins/table-of-contents-
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp -content/plugins/wordpress-popular-posts/
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp-content/plugins/wp-pagenavi...
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp-content/themes/
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] " GET /wp-content/themes/
148.251.23.119 - - [11/Apr/2018:01:53:17 +0300] "GET /wp-content/themes/
As I understand it, this is some sort of parsing that has been going on for 5 days , from different addresses.There is no point in blacklisting them, there are too many of them
Well, etc. Accordingly, as I understand it, they dig through all these folders, the site crashes, real people do not see the site :(
What do you advise?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
P
Pavel K, 2018-04-11
@PavelK

More like looking for vulnerabilities in plugins.
It's somehow strange, according to the "logs" (what kind of logs at least?) There is no overload, but a 502 error falls out - just not enough resources (RAM mostly) ...
If there was a vps, something could be done, but so, either move to another hoster, or contact a DDoS protection service. 50-60 requests per second is not enough.

Report
E
Eugene, 2018-04-11
@Eugeny1987

Try installing fail2ban on the server

Report
N
NichitencoEvgh, 2018-04-11
@NichitencoEvgh

60 requests per second is a very light attack. The WordFence Security plugin will handle this . Those who are too hard on your site will be blocked by the plugin for a certain time, for example, for 1 hour (the time can be set in the settings).

Report
X
xmoonlight, 2018-04-11
@xmoonlight

A very simple script is written in PHP with data collection in the RAM cache (memcache (d), for example) and by the number and types of hits - a blocking multiplier is set on such an IP.
This script blocker is placed at the beginning of the main script of the site, or you can add its loading to .htaccess via php_value auto_prepend_file "FULLPATH/guard.php"
Or this option with rules in .htaccess (it is simpler, but also quite effective)

Similar questions
K
Kremix2021-09-11 13:50:58
Mistake in writing Telegram bot filters? 0Reply
D
Den182021-09-13 16:45:41
How to make Discord JS script re-execute? 1Reply
L
Lukas Tumas2020-06-20 11:27:49
How to send a private message to a specific user? 1Reply
L
Lukas Tumas2020-06-21 01:22:55
How to make the issuance of a role in def? 1Reply
B
badtrippp12021-09-14 17:12:43
Code not working (discord bot)? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question