相当困惑...
Apache 访问日志不断显示 Wordpress 网站被黑客入侵后调用的垃圾 URL。我认为我已经删除了黑客入侵,但仍有一些东西在网站上频繁调用这些垃圾 URL,我正在尝试阻止它们。
我有几个问题需要解决:
为什么它们会显示为 302 标头,而实际上却是 404?我有一个服务器防火墙,用于在特定时间范围内阻止出现过多 404 的流量,但对于出现过多 302 的情况,这不起作用。
我已经设置了 Cloudflare,因此流量会通过那里,并且我已阻止对该站点的访问,除非通过 Cloudflare IP。在 Cloudflare 中,我已启用 Under Attack 模式,等待 5 秒钟才能访问该站点。这没有效果,URL 不断出现!
所以我很困惑为什么会显示这么多 302,以及他们如何在攻击模式下直接访问网站或通过 Cloudflare 访问网站。
谢谢
162.158.159.136 - - [08/Jul/2022:11:14:03 +0100] "GET /injection-chyb6MR/b12-rapid-burner-9rV6kv-injection HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
162.158.159.10 - - [08/Jul/2022:11:14:04 +0100] "GET /MywTbl-loss/golo-weight-loss-0AqcQ-product-review-site-gov HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
162.158.159.8 - - [08/Jul/2022:11:14:05 +0100] "GET /injection-chyb6MR/b12-rapid-burner-9rV6kv-injection/ HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
162.158.159.8 - - [08/Jul/2022:11:14:06 +0100] "GET /qcyvPfd-actually/best-weight-loss-pill/that-VNcLV6kv-actually-work HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
162.158.159.8 - - [08/Jul/2022:11:14:07 +0100] "GET /54ijd-post/weight-loss-medication-post-bariatric-surgery-8qY62 HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
141.101.107.138 - - [08/Jul/2022:11:14:09 +0100] "GET /canasa-Ai864ijX/SzIO8-canasa-erectile-dysfunction HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"