What is this type of attack and how can you fight it?
I recently got into the logs of my server /var/log/nginx and found the following in the access.log file.
184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET / HTTP/1.1" 200 4445 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.$
184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH$
184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 1523 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec$
184.75.223.227 - - [28/Dec/2018:08:32:38 +0300] "GET / HTTP/1.1" 200 4451 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.$
184.75.223.227 - - [28/Dec/2018:08:32:39 +0300] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.3$
184.75.223.227 - - [28/Dec/2018:08:32:40 +0300] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/$
184.75.223.227 - - [28/Dec/2018:08:32:41 +0300] "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 $
184.75.223.227 - - [28/Dec/2018:08:32:42 +0300] "GET /site/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.3$
184.75.223.227 - - [28/Dec/2018:08:32:43 +0300] "GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36$
184.75.223.227 - - [28/Dec/2018:08:32:44 +0300] "" 400 0 "-" "-"
There are thousands of these scanners; if you look at the logs of your home router, you will see that bots are looking for wp-admin several times a day.
You can set up something like fail2ban, which will calculate them and ban them by IP, or simply kill them. The load from them is usually insignificant.
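
The detection step behind a fail2ban-style ban, as an added example that is not part of the original answer: it counts WordPress discovery requests (wlwmanifest.xml, xmlrpc.php, wp-admin) per client IP inside a sliding time window. The parameter names maxretry and findtime are borrowed from fail2ban's jail options, but this is a Python sketch of the logic and not fail2ban configuration; the sample log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in nginx "combined" format (documentation IPs, not the page's log).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Dec/2018:08:32:37 +0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:37 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:39 +0300] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:40 +0300] "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:44 +0300] "" 400 0 "-" "-"
198.51.100.20 - - [28/Dec/2018:08:33:01 +0300] "GET / HTTP/1.1" 200 4445 "-" "Mozilla/5.0"
198.51.100.20 - - [28/Dec/2018:09:40:00 +0300] "GET /xmlrpc.php HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# WordPress discovery paths named on this page, under any directory prefix.
PROBE_RE = re.compile(
    r'^(?:/[^/?\s]+)*/(?:wp-includes/wlwmanifest\.xml|xmlrpc\.php|wp-admin)(?:[/?]|$)')


def find_scanners(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: peak probe count} for IPs with >= maxretry probes inside one findtime window."""
    recent = defaultdict(deque)  # ip -> timestamps of probes still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = m["req"].split()
        # An empty request line (the '"" 400' entry) has no path and is not counted.
        if len(parts) < 2 or not PROBE_RE.match(parts[1]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:  # drop probes older than the window
            window.popleft()
        if len(window) >= maxretry:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(window))
    return flagged


if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

Counting only probe paths, rather than every 404, keeps ordinary visitors who hit a broken link out of the result.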