Jump to content
Sign in to follow this  
iMer

Wordpress get flood

Recommended Posts

So, this isnt exactly related to Metin2.

But within this day I had two seperate attacks on two unrelated Metin2 Homepages.

People are using WordPress websites to relay requests.

access.log looks something like this:

173.236.144.96 - - [22/Feb/2014:00:57:34 +0100] "GET /?2554596=7542239 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.graphicdesignblender.com"
195.154.120.142 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.6.1; http://delicesetdecadence.blog.lemonde.fr"
8.14.117.89 - - [22/Feb/2014:00:57:34 +0100] "GET /?2852111=9681641 HTTP/1.0" 403 162 "-" "WordPress/3.7.1; http://www.garancedore.fr"
65.98.60.98 - - [22/Feb/2014:00:57:34 +0100] "GET /?8331124=3589667 HTTP/1.0" 403 162 "-" "WordPress/3.4.1; http://www.cpcstrategy.com/blog"
69.163.171.127 - - [22/Feb/2014:00:57:34 +0100] "GET /?8798433=9569671 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.bmeasure.com"
67.205.2.183 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://unconferenz.com"
109.168.123.104 - - [22/Feb/2014:00:57:34 +0100] "GET /?2400804=4166790 HTTP/1.0" 403 162 "-" "WordPress/3.5.1; http://www.cluster.eu"
97.74.144.211 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.4.2; http://thenewprosperity.org"
216.92.131.44 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8; http://www.triplepundit.com"
89.151.73.40 - - [22/Feb/2014:00:57:34 +0100] "GET /?9155553=5259788 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://es.blog.eu.playstation.com"

You can prevent them from overloading your server by simply blocking the WordPress useragent.

You do this on nginx via:

if ($http_user_agent ~* wordpress){
        return 403;
}

Google also pointed me to this, which has a tutorial for Apache

 

 

 

iMer

  • Love 5

Share this post


Link to post

I was getting this too, from stupid lebanese kids at novametin2

they are going around attacking other servers lately.. would be nice to see their server get destroyed.. they were pestering me with attacks for 2 weeks till I got a Solar Comm. server.

Share this post


Link to post

Just checked my logs and they were full of thousands of these requests D:

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.