nginx – wordpress登录页面上的连续POST请求 – 黑客尝试?

Nginx 前端之家
前端之家收集整理的这篇文章主要介绍了nginx – wordpress登录页面上的连续POST请求 – 黑客尝试?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

从今天早上开始,我正在见证一系列连续的POST请求,这些请求是在我的服务器上的wordpress软件上运行的一个博客上发出的.

关于这种模式的一些事情:

>这些连续请求每次持续2分钟
>在这2分钟的持续时间内,4个POST请求每秒都会在wp-login.PHP中命中
>然后这些请求保持沉默,并在1小时后重新开始,再次持续2分钟,每秒4次请求.
>每次IP地址都不同
>所有追踪的IP都属于中国
>尝试阻止IP,但它们很容易逃避,因为他们每小时都会使用新IP

我正在使用Nginx,有什么方法可以阻止这样的黑客攻击.这是一个更大的问题,因为当这些请求来了几次时,在同一服务器上运行的其他网站受到了阻碍.如果有人能提供如何保护您的服务器免受此类尝试的任何指示,那么非常欢迎.

请在下面找到摘录日志.

xx.153.217.xxx - - [12/Jan/2015:13:45:13 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:13 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:13 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:13 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:14 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:14 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:14 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:14 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:15 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:15 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:15 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:15 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:16 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:16 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:16 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
xx.153.217.xxx - - [12/Jan/2015:13:45:16 +0530] "POST /wp-login.PHP HTTP/1.1" 200 3662 "http://blog.xxxxxx.in/wp-login.PHP" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
最佳答案
处理此问题的首选方法是阻止访问/ wp-admin /文件夹和/wp-login.PHP中的任何内容,除了已知的静态IP(例如办公室的IP)之外的任何地方.除此之外,请查看fail2ban或任何数量wordpress插件,可以处理这些暴力破解尝试.
原文链接:https://www.f2er.com/nginx/435240.html

猜你在找的Nginx相关文章

Nginx基础知识学习(安装/进程模型/事件处理机制/详细配置/定时切割日志)
一、Linux下Nginx的安装 1.去官网 http://nginx.org/download/下载对应的Nginx安...
Nginx配置文件nginx.conf中location的匹配原则
一、空格:默认匹配、普通匹配 location / { root /home; } 二、= :精确匹配(表示匹配到...
nginx指定配置文件启动
``` nginx -c 配置文件路径 ``` ``` /usr/local/nginx/sbin/nginx -c /usr/local/nginx/co...
你真的了解负载均衡中间件nginx吗?
前言 nginx可所谓是如今最好用的软件级别的负载均衡了。通过nginx的高性能,并发能力强,占...
Ngnix负载均衡安装及配置
1.ngnix概念 Nginx是一款高性能的http 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理...
[Linux] nginx的try_files指令实现隐藏index.php的重写
1.nginx的try_files指令 ,核心功能是替代rewrite,并且比rewrite更强大的是可以按顺序查找...
[日常] 前端资源测试机上忽略版本号的的nginx配置
利用nginx的rewrite的指令,可以实现url的重新跳转,rewrtie有四种不同的flag,分别是redi...
[Nginx] 1.17.9中的更改日志
1. 不允许多个Host请求头 2. 忽略额外的Transfer-Encoding请求头 3.修复在HTTP/2时的socke...
[Linux] 解决nginx: [emerg] directive "rewrite" is not terminated by ";"
解决nginx: [emerg] directive "rewrite" is not terminated by &q...
[Nginx] location与rewrite配合处理项目的重写和路径问题
某个项目中路由是通过$_SERVER['REQUEST_URI']来进行的匹配处理 , 并且隐...
LinuxWindowsCentOSUbuntuNginxWebServiceScalaMemcacheApacheRedisDockerBashAzureTomcatLNMPShell数据结构服务器运维网络安全
xebugnodemondocker-copydcoselasticsearcwindows-contdocker-windodocker-awsamazon-cloudenvoyproxyhashicorp-vaswisscomdevkafka-pythonzscalerphoton-osdocker-swarmkamongoogle-cloudconcoursewso2-ampersistent-vapi-managerprocess-manamanjarojenkins-workhypriotremoteapikeystonejsbitcoindbitcoin-test