linux
Ivan Kozlov, 2016-04-09 08:00:49

What do these logs mean and how to prevent these actions?

Some requests are constantly sent to my site. Is this a DoS attack, and how can I prevent this problem? The server can't handle the load.

36.84.132.13 - - [09/Apr/2016:04:51:21 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
115.167.44.127 - - [09/Apr/2016:04:51:27 +0000] "POST /wp-admin/network/atmrm.php HTTP/1.0" 404 505 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
207.46.13.182 - - [09/Apr/2016:04:51:31 +0000] "GET /lgoy5v/resumo-capitulos-totalmente-de-mai-04-09-abril.html HTTP/1.0" 404 499 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
176.59.150.65 - - [09/Apr/2016:04:51:40 +0000] "POST /wp-admin/network/tmibcrh.php HTTP/1.0" 404 507 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
171.5.220.9 - - [09/Apr/2016:04:51:44 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
36.85.227.247 - - [09/Apr/2016:04:52:09 +0000] "POST /wp-admin/network/cytjklbv.php HTTP/1.0" 404 508 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
95.174.203.131 - - [09/Apr/2016:04:52:18 +0000] "POST /wmuwgeje.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
37.212.242.205 - - [09/Apr/2016:04:52:26 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
114.79.36.161 - - [09/Apr/2016:04:52:38 +0000] "POST /wp-admin/network/atmrm.php HTTP/1.0" 404 505 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
118.70.179.252 - - [09/Apr/2016:04:52:52 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
90.143.9.27 - - [09/Apr/2016:04:53:25 +0000] "POST /bdvlwunu.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
175.100.138.40 - - [09/Apr/2016:04:53:26 +0000] "POST /wmuwgeje.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
125.165.21.210 - - [09/Apr/2016:04:53:36 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
39.36.170.169 - - [09/Apr/2016:04:53:39 +0000] "POST /wp-admin/network/atmrm.php HTTP/1.0" 404 505 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
203.111.234.173 - - [09/Apr/2016:04:53:57 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
114.34.3.206 - - [09/Apr/2016:04:54:34 +0000] "POST /wmuwgeje.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
139.193.42.61 - - [09/Apr/2016:04:54:35 +0000] "POST /bdvlwunu.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
36.84.67.135 - - [09/Apr/2016:04:54:42 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
41.234.187.44 - - [09/Apr/2016:04:55:07 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
114.32.206.153 - - [09/Apr/2016:04:55:20 +0000] "POST /yyagotnns.php HTTP/1.0" 404 492 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
14.181.247.83 - - [09/Apr/2016:04:55:20 +0000] "POST /wp-admin/network/tmibcrh.php HTTP/1.0" 404 507 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
193.109.128.146 - - [09/Apr/2016:04:55:30 +0000] "POST /wp-admin/network/cytjklbv.php HTTP/1.0" 404 508 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
41.232.90.204 - - [09/Apr/2016:04:55:48 +0000] "POST /bdvlwunu.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
187.194.61.134 - - [09/Apr/2016:04:55:49 +0000] "POST /wmuwgeje.php HTTP/1.0" 404 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
14.164.85.194 - - [09/Apr/2016:04:55:57 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"

4 answer(s)
Pavel Volintsev, 2016-04-09
@trampick

This is probing your site for vulnerabilities.
You can try to remove the mention of the CMS version from the pages of your site (<meta name="generator" content="WordPress 4.4.2" />). Also see how to disable HTTP headers like "X-Powered-By: PHP/5.3.28", how to hide specific directories such as /wp-content/ and /upload/, and how to hide specific files such as wp-login.php and others. In general, do not let third-party sites find out what kind of CMS you have.
There are special services through which you can check whether you managed to hide it (1, 2, 3).
The number of requests will decrease.
The server can't handle the load.

Look at the error.log to see on which pages it usually crashes with 500 or 501 errors.
Install nginx+php-fpm instead of apache+mod_php and enable the php-fpm slow log to find out what is causing your 502 request timeout errors (on a toaster).
Via Apache .htaccess or nginx configs, write rules for a 404 Not Found response to such a list of URLs.
Set nginx to cache responses with a 404 code for an hour or more so that PHP does not even get to it.
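
An added example (not part of the original answer): a small Python parser that pulls the POST requests for non-existent .php files out of a combined-format access log and lists each probed path with its hit count and number of distinct client addresses, which gives the list of URLs the 404 rules would be written for. The sample lines are copied from the question's excerpt; the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" access-log format, as in the question's excerpt.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "(?P<agent>[^"]*)"$'
)

# Six lines copied from the log excerpt in the question.
SAMPLE_LOG = '''\
36.84.132.13 - - [09/Apr/2016:04:51:21 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
115.167.44.127 - - [09/Apr/2016:04:51:27 +0000] "POST /wp-admin/network/atmrm.php HTTP/1.0" 404 505 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
207.46.13.182 - - [09/Apr/2016:04:51:31 +0000] "GET /lgoy5v/resumo-capitulos-totalmente-de-mai-04-09-abril.html HTTP/1.0" 404 499 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
171.5.220.9 - - [09/Apr/2016:04:51:44 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
37.212.242.205 - - [09/Apr/2016:04:52:26 +0000] "POST /wp-admin/network/yfycwxido.php HTTP/1.0" 404 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
118.70.179.252 - - [09/Apr/2016:04:52:52 +0000] "POST /vmytamu.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
'''


def parse(lines):
    """Yield a dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def probe_summary(lines):
    """Return ({path: (hits, distinct_ips)}, Counter of hits per IP) for
    POSTs to .php paths that were answered with 404."""
    hits, ips, per_ip = Counter(), defaultdict(set), Counter()
    for e in parse(lines):
        path = e["path"].split("?", 1)[0]  # ignore any query string
        if e["method"] == "POST" and e["status"] == "404" and path.endswith(".php"):
            hits[path] += 1
            ips[path].add(e["ip"])
            per_ip[e["ip"]] += 1
    return {p: (n, len(ips[p])) for p, n in hits.items()}, per_ip


if __name__ == "__main__":
    paths, per_ip = probe_summary(SAMPLE_LOG.splitlines())
    for p, (n, distinct) in sorted(paths.items()):
        print(f"{n:3d} hits from {distinct:3d} addresses  {p}")
    print("max requests from one address:", max(per_ip.values(), default=0))
```
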

Puma Thailand, 2016-04-09
@opium

garbage is not DDoS, it's easier to score; well, and make 404 static if the dynamics are annoying

Dmitry, 2016-04-09
@plin2s

In addition to all of the above, I can only add that you can block particularly annoying addresses at the firewall level. For example, using fail2ban.

Pavel Nagaev, 2016-04-14
@PNAGAEV

fail2ban
