There are two causes of this attack:
1. The site itself runs WordPress code, and attackers use its pingback feature as a flood tool. In the logs this looks like:
2016-05-29 09:13:16 xx.xx.xx.xx GET / - 80 - xx.xx.xx.xx WordPress/4.1.11;+http://erogaku.com;+verifying+pingback+from+185.103.109.139 - 200 0 0 4297
2. The attacker controls a large number of WordPress pingback sources.
What the attack looks like: check the logs.
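As an added example (not from the original post), a small Python parser for W3C/IIS-format log lines like the one above: it picks out pingback-verification requests by their User-Agent and counts them per reflecting WordPress site and per claimed origin. The log lines, hosts and IPs are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in the IIS W3C format of the log entry above
# (date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
#  cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken).
# IIS replaces spaces inside the User-Agent with '+'.
SAMPLE_LOG = """\
2016-05-29 09:13:16 192.0.2.10 GET / - 80 - 198.51.100.7 WordPress/4.1.11;+http://blog-a.example;+verifying+pingback+from+203.0.113.5 - 200 0 0 4297
2016-05-29 09:13:16 192.0.2.10 GET / - 80 - 198.51.100.8 WordPress/4.4.2;+http://blog-b.example;+verifying+pingback+from+203.0.113.5 - 200 0 0 3900
2016-05-29 09:13:17 192.0.2.10 GET / - 80 - 198.51.100.7 WordPress/4.1.11;+http://blog-a.example;+verifying+pingback+from+203.0.113.5 - 200 0 0 4100
2016-05-29 09:13:17 192.0.2.10 GET /about - 80 - 198.51.100.20 Mozilla/5.0+(Windows+NT+10.0)+Firefox/46.0 - 200 0 0 120
2016-05-29 09:13:18 192.0.2.10 GET / - 80 - 198.51.100.9 WordPress/4.5;+http://blog-c.example - 200 0 0 2000
"""

# Only the pingback *verification* fetch; a plain "WordPress/x.y;+site" UA does not match.
PINGBACK_RE = re.compile(
    r"^WordPress/[\d.]+;\+(?P<site>\S+?);\+verifying\+pingback\+from\+(?P<origin>\S+)$"
)

def parse_line(line):
    """Split one W3C line into a dict; return None for comments, blank or short lines."""
    if not line or line.startswith("#"):
        return None
    f = line.split(" ")
    if len(f) < 15:
        return None
    return {"time": f[0] + " " + f[1], "uri": f[4], "client_ip": f[8],
            "user_agent": f[9], "status": f[11]}

def summarize_pingbacks(log_text):
    """Count verification hits per (reflector IP, reflector site) and per claimed origin."""
    per_reflector, per_origin = Counter(), Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        m = PINGBACK_RE.match(rec["user_agent"])
        if m:
            per_reflector[(rec["client_ip"], m.group("site"))] += 1
            per_origin[m.group("origin")] += 1
    return per_reflector, per_origin

def is_pingback_flood(log_text, threshold=3):
    """True when a single claimed origin drives at least `threshold` verification hits."""
    _, per_origin = summarize_pingbacks(log_text)
    return any(n >= threshold for n in per_origin.values())
```

Unlike the User-Agent rule in the nginx config, which returns 403 for anything containing "WordPress", this parser separates pingback-verification fetches from other WordPress requests, which is useful when deciding how broad a block rule you can afford.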
Solution:
Filter these illegitimate requests with nginx or Apache.
nginx:
# WordPress Pingback Request Denial
if ($http_user_agent ~* "WordPress") {
return 403;
}
Make sure to raise nginx's worker_connections to something like 2,000-3,000 or more, depending on what your resources can handle.
Even though nginx now denies these attempts, accepting a bad request and then denying it still has a resource cost.
This is a good starting point, but you may have to go higher depending on the frequency and volume of requests flooding your blog:
worker_processes 4;
worker_rlimit_nofile 70000;
events {
    worker_connections 2024;
}
Apache:
BrowserMatchNoCase WordPress wordpress_ping
BrowserMatchNoCase Wordpress wordpress_ping
Order Deny,Allow
Deny from env=wordpress_ping
Full configuration:
server
{
    listen 80;
    server_name www.xx.com;
    charset utf-8;
    if ($http_user_agent ~* "WordPress") {
        return 403;
    }
    location /
    {
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.1.110; # forward the request to the backend
        error_page 404 /error/404.html;
        error_page 502 /error/502.html;
        error_page 400 401 402 403 504 /error/error.html;
    }
    location /error
    {
        root /usr/local/nginx/html;
    }
}
Protection in practice: