Nginx
di, 2018-12-28 16:10:12

What is this type of attack and how can you fight it?

I recently got into the logs of my server /var/log/nginx and found the following in the access.log file.

184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET / HTTP/1.1" 200 4445 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.$
184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH$
184.75.223.227 - - [28/Dec/2018:08:32:37 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 1523 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec$
184.75.223.227 - - [28/Dec/2018:08:32:38 +0300] "GET / HTTP/1.1" 200 4451 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.$
184.75.223.227 - - [28/Dec/2018:08:32:39 +0300] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.3$
184.75.223.227 - - [28/Dec/2018:08:32:40 +0300] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/$
184.75.223.227 - - [28/Dec/2018:08:32:41 +0300] "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 $
184.75.223.227 - - [28/Dec/2018:08:32:42 +0300] "GET /site/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.3$
184.75.223.227 - - [28/Dec/2018:08:32:43 +0300] "GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36$
184.75.223.227 - - [28/Dec/2018:08:32:44 +0300] "" 400 0 "-" "-"

That is, someone quickly checked the site for vulnerabilities; there were several more similar clients. Is it possible to deal with such attacks? Of course, they are not dangerous (I do not use WordPress) and there are only 10 requests each, but they still leave an unpleasant aftertaste. The attack was carried out by IP, as I understand it.

1 answer(s)
Stalker_RED, 2018-12-28
@Delgus

There are thousands of these scanners; if you look at the logs of your home router, you will see that bots are looking for wp-admin several times a day.
You can set up something like fail2ban, which will calculate them and ban them by IP, or simply kill them. The load from them is usually insignificant.
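
The per-IP counting that a tool like fail2ban performs, as an added Python example (not code from the answer and not fail2ban's own implementation): it flags any address that requests WordPress-only paths several times within a short window. The names `find_scanners`, `PROBE_RE`, `max_retry` and `find_time` are assumptions (the last two mirror fail2ban's `maxretry` and `findtime` settings), and the sample log is constructed from the pattern in the question, with documentation addresses and a shortened user agent.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" log format: ip - user [time] "request" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# Paths that only exist on a WordPress install; on a site without WordPress
# (the asker's case) any request for them is a probe. Assumed pattern list.
PROBE_RE = re.compile(r'/wp-includes/|/wp-admin|/wp-login\.php|/xmlrpc\.php')

def find_scanners(lines, max_retry=3, find_time=60):
    """Return {ip: time of the probe that crossed max_retry within find_time seconds}."""
    window = timedelta(seconds=find_time)
    hits = defaultdict(deque)   # ip -> timestamps of recent probe requests
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = m.group("req").split()
        # An empty request line (the 400 "" entry in the question) has no path.
        if len(parts) < 2 or not PROBE_RE.search(parts[1]):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        q = hits[m.group("ip")]
        q.append(ts)
        while ts - q[0] > window:   # drop probes that fell out of the window
            q.popleft()
        if len(q) >= max_retry and m.group("ip") not in flagged:
            flagged[m.group("ip")] = ts
    return flagged

# Constructed sample: 203.0.113.7 repeats the scan from the question,
# 198.51.100.20 is a visitor with a single stray request.
SAMPLE_LOG = '''\
203.0.113.7 - - [28/Dec/2018:08:32:37 +0300] "GET / HTTP/1.1" 200 4445 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:37 +0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:37 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:39 +0300] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 1535 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2018:08:32:44 +0300] "" 400 0 "-" "-"
198.51.100.20 - - [28/Dec/2018:08:40:00 +0300] "GET /about HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.20 - - [28/Dec/2018:08:41:00 +0300] "GET /wp-login.php HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for ip, when in find_scanners(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

The flagged addresses are what a ban action would act on; the single `/wp-login.php` request from the second address stays below the threshold and is left alone.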
