查看访问日志,我看到来自同一 IP 地址的一系列请求,这些请求向文件发出请求并附加到.phpURL .php5。
日志看起来像这样:
104.[..] - - [26/Feb/2016:21:37:53 -0500] "GET /wp-content/uploads/2014/09/gal1-630x21014ff1e.php HTTP/1.0" 404 7817 "-" "-"
104.[..] - - [26/Feb/2016:21:37:54 -0500] "GET /wp-content/uploads/2014/09/gal1-630x21016f.php5 HTTP/1.0" 301 0 "-" "-"
104.[..] - - [26/Feb/2016:21:37:54 -0500] "GET /wp-content/themes/twentyfourteen/images/pattern-light218.php5 HTTP/1.0" 404 25166 "-" "-"
104.[..] - - [26/Feb/2016:21:37:56 -0500] "GET /wp-content/themes/twentyfourteen/images/pattern-light3782.php. HTTP/1.0" 301 0 "-" "-"
104.[..] - - [26/Feb/2016:21:37:56 -0500] "GET /wp-content/uploads/2014/09/gal1-630x21016f.php5 HTTP/1.0" 404 7817 "-" "-"
104.[..] - - [26/Feb/2016:21:37:57 -0500] "GET /wp-content/uploads/2014/09/gal1-630x21026f.php. HTTP/1.0" 301 0 "-" "-"
是什么发出了这些请求?这些请求已经持续了好几天了,每隔一两秒就会出现一次。
答案1
这是机器人扫描漏洞,是互联网的背景噪音。确保您的 Wordpress 及其插件是最新的,并保持最新状态。
在 Linux 系统上,您可能能够使用 fail2ban 或 OSSEC 等工具在一定程度上解决此问题。