1 подписчик

Борьба с хакерами

11 марта 202411 мар 2024

5 мин

Занимаюсь поддержкой и SEO-оптимизацией сайтов.
Некоторое время назад озаботился устранением ошибок типа Error 404 на одном из сайтов.
Обратил внимание, что после устранения реальных 404, количество ошибок остается весьма значительным и регулярным.
Стал смотреть по каким запросам и с каких IP адресов поступают запросы.
В основном запрашивают файлы в формате .php, используемый CMS Joomla и WordPress. Очевидно, это "добрые" люди хотят взломать сайт.

Наиболее активным user-ам (в основном из США, Британии, Польши) закрыл доступ по IP.

Вот перечень тех, кого не пускаю на сайт:
101.36.108.158 103.139.17.124 103.78.0.60 104.28.200.97 107.152.98.5 109.169.10.4 13.79.195. 13.90.203.170
128.199.178.212 137.220.197.141 138.68.137.241 185.196.8.247 143.110.245.108 143.198.81.71 146.190.92. 167.86.110.100
172.94.10.9 173.201.191.163 173.249.29.208 173.249.52.120/31 173.249.52.122/32 179.43.135.177 185.144.63.100
185.185.80.231 185.196.8.247 188.166.99.151 194.169.175. 194.38.22. 2.58.56.107 202.61.232.121 205.210.31.57
34.231.240.212 37.19.217.99 37.139.129. 40.121.34.68 40.74.0. 40.77.167. 45.55.38.135 45.66.230.30
45.80.158.152 45.81.39.34 45.94.31.199 45.141.215.210 47.128. 51.159.197.229 52.156.188.85 52.167.144.180 52.169.236.57 54.204.77.53 5.9.117.98 64.124.8. 82.165.204.20 83.99.151. 89.248.174.9 91.92.245.173/32 91.92.245.174/31 91.92.245.176/32 91.92.255.170 91.92.251.220 94.72.115.135 94.72.117.32 94.72.115.
94.72.117. 94.156.68.85 94.156.69.118

Как Вы заметили, некоторых вырезаю поддиапазоном адресов.

А вот перечень запросов, которые посчитал вредными для моего сайта:

/.well-known/about.php /.well-known/acme-challenge/cloud.php /.well-known/pki-validation/about.php
/.well-known/pki-validation/cloud.php /®.php /2021/wp-includes/wlwmanifest.xml /a.php/wp-admin/install.php /a.phpatom
/about.php /about.php7 /accesson.php /admin-post.php /adminfuns.php7 /administrator/manifests/files/joomla.xml
/ads.txt /ai.txt /ajax-actions.php /alfa-rex.php7 /alfa-rex2.php7 /alfanew.php /alfanew.php7
/alfanew.PHP7 /alfanew2.php7 /assets/filemanager/dialog.php /assets/images/accesson.php /avaa.php
/bitrix/admin/accesson.php /bitrix/admin/on.php /blog/wp-admin/install.php /blog/wp-includes/wlwmanifest.xml
/cache-compat.php /cgi-bin/about.php /cgi-bin/cgi-bin/about.php7 /cgi-bin/cloud.php /cgi-bin/install.php
/CHANGELOG.txt /chosen.php /cjfuns.php /class.api.php /classwithtostring.php /cloud.php /cms/wp-admin/install.php
/cms/wp-includes/wlwmanifest.xml /core/CHANGELOG.txt /core3.php /css/cloud.php /css/install.php /dropdown.php
/ebs.php7 /ee.php /emergency.php /file.php /filemanager.php /filemanager/dialog.php /fm.php /fw.php
/humans.txt /images/about.php /images/cloud.php /images/wlw/wp-icon.png /img/about.php /img/cloud.php /img/dogovor.gif
/inc.php /index_sso.php /inputs.php /install.php /integration/saveGangster.action /ioxi-rex4.php7 /js/js.js
/js/lib/flex.js /js/mage/adminhtml/product.js /js/mage/adminhtml/sales.js /js/mage/adminhtml/tools.js
/js/mage/cookies.js /js/mage/translate_inline.js /js/prototype/validation.js /js/varien/js.js /libraries/legacy/updates.php
/libraries/phpmailer/updates.php /ll.php /lol.php /magento_version /mah.php /manager.php /mgr.php
/misc/ajax.js /mobile/admin/managefile.asp /mobile/sp_admin_852/managefile.asp /my1.php /oerzrsld.php
/oldsite/wp-admin/install.php /pass.php /php/thinkphp/aaaffff123.php /phpmyadmin/index.php /RELEASE_NOTES.txt
/repeater.php /reset.php /sellers.json /sftp-config.json /shell.php /shop/wp-includes/wlwmanifest.xml /simple.php
/site/wp-admin/install.php /site/wp-includes/wlwmanifest.xml /sj_iconstruct/fonts/glyphicons-halflings-regular-2.html
/skin/adminhtml/default/default/boxes.css /sp_admin_852/managefile.asp /st.php /static/admin/css/base.css
/style.php /tczuqaat.php /templates/sj_iconstruct/fonts/glyphicons-halflings-regular-2.html /test/wp-admin/install.php
/test/wp-includes/wlwmanifest.xml /tiny.php /tinyfilemanager.php /tinyfilemanager/tinyfilemanager.php /up.php
/updates.php /user.action /users.php /view-source: /vuln.php /web/wp-admin/install.php
/web/wp-includes/wlwmanifest.xml /wordpress /wp /wp-consar.php /wp-content/about.php /wp-content/banners/about.php
/wp-content/blogs.dir/about.php /wp-content/dropdown.php /wp-content/gallery/about.php /wp-content/inputs.php
/wp-content/install.php /wp-content/languages/about.php /wp-content/lol.php /wp-content/plugins/auxin-portfolio/public/assets/js/portfolio.min.js /wp-content/plugins/Cache/Cache.php
/wp-content/plugins/Cache/dropdown.php /wp-content/plugins/classic-editor/wp-login.php /wp-content/plugins/fix/up.php
/wp-content/plugins/hellopress/wp_filemanager.php
/wp-content/plugins/install.php /wp-content/plugins/lol.php
/wp-content/plugins/royal-elementor-addons/assets/js/modal-popups.min.js
/wp-content/plugins/seoo/alfa-ioxi.php /wp-content/plugins/seoo/wsoyanz.php /wp-content/plugins/seoo/wsoyanz1.php
/wp-content/plugins/seoplugins/mar.php /wp-content/plugins/wp-fastest-cache/js/schedule.js /wp-content/repeater.php
/wp-content/themes/about.php /wp-content/themes/bricks/assets/js/feedback.min.js /wp-content/themes/seotheme/mar.php
/wp-content/updates.php /wp-content/updraft/about.php /wp-content/upgrade-temp-backup/about.php /wp-head.php
/wp-includes.bak/html-api/about.php /wp-includes/block-patterns/about.php /wp-includes/blocks/about.php
/wp-includes/customize/about.php /wp-includes/ID3/about.php /wp-includes/ID3/license.txt /wp-includes/images/about.php
/wp-includes/IXR/about.php /wp-includes/js/jquery/jquery.js /wp-includes/js/tinymce/plugins/compat3x/css/index.php
/wp-includes/js/tinymce/utils/about.php /wp-includes/pomo/about.php /wp-includes/Requests/about.php
/wp-includes/Requests/Text/admin.php /wp-includes/rest-api/about.php /wp-includes/SimplePie/about.php
/wp-includes/style-engine/about.php /wp-includes/Text/about.php /wp-includes/widgets/about.php
/wp-json/wpgmza/v1/markers /wp-login.php /wp-p.php7 /wp-plain.php /wp1/wp-includes/wlwmanifest.xml
/ws.php7 /wso.php /wsoyanz.php /yanz.php

По всем этим запросам активным user-ам отдаю текстовый файл с дружеским посланием - может пригодится...

В итоге, количество Error 404 уменьшилось примерно до 10% (было около 26%)