恶意扫描 post get /wp-login.php

原创 赤水  2015年12月18日 03:53 阅读 138 次

今天发现有人在扫我的博客系统,日志如下(已经返回302,还在一直扫):

 

121.42.0.17 - - [18/Dec/2015:02:31:56 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:31:59 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:02 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:04 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:06 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:08 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:10 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:12 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:14 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:16 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:19 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:22 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:25 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:28 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:31 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:34 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:37 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:39 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:41 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:43 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:45 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:47 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:50 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:52 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:55 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:32:57 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:33:00 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:33:02 +0800] "POST /wp-login.php HTTP/1.1" 302 156 
121.42.0.17 - - [18/Dec/2015:02:33:05 +0800] "POST /wp-login.php HTTP/1.1" 302 156 

 

可以看到这个Ip  一直在尝试post 数据到 /wp-login.php ,万幸的对我的博客有一系列安全访问策略,

后来百度发现 wordpress默认的登陆地址存在安全隐患,需要更改/wp-login.php

 

add_action('login_enqueue_scripts','login_protection');
    function login_protection(){
    if($_GET['root'] != 'lssin')header('Location: http://127.0.0.1');
}

 

 

 

本文地址: https://blog.lssin.com/readblog/31.html
版权声明:本文为原创文章,版权归  赤水 所有,欢迎分享本文,转载请保留出处!

发表评论


表情