: How to respond to attack on web site I have wordpress site that is under some kind of bot attack. I checked apache logs and there's get request to a single post on my blog every second
I have wordpress site that is under some kind of bot attack.
I checked apache logs and there's get request to a single post on my blog every second (sometimes there's more than one per second).
When i block ip address of attacker in htaccess file, requests continue but it's one every 5-10 seconds. If i unblock it, after few minutes it get's back to 1 or more every second.
IP Address of attacker is changing once or twice every day.
I have wordfence plugin installed that blocks attacks, i also manualy add ip adresses to htaccess, but i'm interested if there's another way to block this guy for good...
He's always identified as blank user agent, always get same page and it's always only one single page request.
Here's part of apache log with attack.
178.222.186.246 - - [20/May/2013:02:35:46 -0500] "GET /2012/01/19/skembici-u-saftu/ HTTP/1.1" 200 48097 "-" "-"
178.222.186.246 - - [20/May/2013:02:35:55 -0500] "GET /2012/01/19/skembici-u-saftu/ HTTP/1.1" 200 47939 "-" "-"
178.222.186.246 - - [20/May/2013:02:35:59 -0500] "GET /2012/01/19/skembici-u-saftu/ HTTP/1.1" 200 47970 "-" "-"
More posts by @Mendez628
1 Comments
Sorted by latest first Latest Oldest Best
Since the user agent is blank, you could use that to trigger a block:
RewriteEngine On
SetEnvIfNoCase User-Agent "^-?$" bad_user
Deny from env=bad_user
I put in -? in case the user agent being sent is actually a dash. It is very hard to tell from your logs whether it is actually blank, or if it is a dash.
The linked resource on StackOverflow has examples of several other rules based on User-Agent and Referrer as well.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.