最近,我们在共享帐户之后为我的一位客户迁移到了新的主机 (DO)。
我正在监控 CPU,它总是保持在 100%,知道该网站的流量并不大,决定检查访问日志,我看到以下内容(1-5 个查询/秒)没有停止。
我删除了我的域名并添加了 example.com
10.17.0.2 - - [19/Nov/2016:09:41:15 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47448 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:21 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:22 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:16 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47445 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:16 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47472 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:22 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:23 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:17 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47412 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:17 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47438 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:24 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:24 +0000] "GET /http://example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 301 550 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:18 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47426 "-" "WordPress/4.3.6; http://example.com"
10.17.0.2 - - [19/Nov/2016:09:41:18 +0000] "GET /http:/example.com/wp-content/themes/jupiter/assets/stylesheet/min/critical-path.css HTTP/1.0" 404 47446 "-" "WordPress/4.3.6; http://example.com"
每当我重新启动 Apache 时,它都会恢复正常几分钟,然后洪水再次开始。
我指出了以下几点:
请求此信息的 IPS 是(10.17.0.2、127.0.0.1、服务器 ip、37.1.213.192)
该文件确实存在,当尝试访问它时我只看到 GET /wp-content/...
有时请求是 http:/example(1 个斜线),有时是http://示例
我怎样才能阻止这种混乱?
答案1
据我所知,wordpress 通过 PHP 捕获 404 错误,这非常昂贵。为了防止此请求到达您的 PHP,您有以下选项:
- 创建文件,返回 404,因此 apache 返回空文件
- 通过 .htaccess 阻止此请求