2

My site is being visited lately by IP's (bots?) like this:

XX.XX.XX.XX.broad.pt.fj.dynamic.163data.com.cn

IP Location China China Fuzhou Chinanet Fujian Province Network

The behaviour is the same - (I guess) they are trying to get admin id of a wordpress blog.

GET /blog/wp-login.php HTTP/1.1

then

GET /blog/?author=1 HTTP/1.1

where author=1 to 10

How to block IP's like "XX.XX.XX.XX.broad.pt.fj.dynamic.163data.com.cn"

where XX.XX.XX.XX ranges are 110.*.*.*, 59.*.*.*, ...unknown.

EDIT: my site is on shared hosting - no access to server configuration. Please .htaccess solution if possible (I want to block access on site level, not on wordpress level)

hjpotter92
  • 78,589
  • 36
  • 144
  • 183
snayob
  • 311
  • 2
  • 11
  • Take a look at `fail2ban`. A good, flexible tool that allows to react on log entries in a dynamic manner. – arkascha Nov 15 '15 at 13:50
  • Another thing that reduces problems with a software such vulnerable as wordpress is to rewrite the URLs of typical pages like for example the login page. That way they are still accessible to you, but simple bots won't find them any more. – arkascha Nov 15 '15 at 13:52
  • @arkascha, thanks for fast answer. I have the impression that many sites are using wordpress (and the number is growing). Correct me if I am wrong. I am on shared hosting and no access to server configuration. – snayob Nov 15 '15 at 14:15
  • It indeed is true that the wordpress software becomes more and more popular. But that does not mean it is a robust or well implemented, in contrary. It is a historical grown monster that has been and is extended again and gain. Never a good thing from a security point of view. There is a reason why wordpress is one of the main intrusion points these days. – arkascha Nov 15 '15 at 15:02
  • If you have no access to the server configuration, then how do you want to block any requests? Maybe you have access to `.htaccess` style files. They indeed can be used as "last resort" if nothing else is possible. You can block addresses and ranges there, but that is a chicken chase in the end. Think about rewriting your urls instead. – arkascha Nov 15 '15 at 15:03

1 Answers1

2

Try the following rule:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} pt\.fj\.dynamic\.163data\.com\.cn$
RewriteRule ^ - [F]
hjpotter92
  • 78,589
  • 36
  • 144
  • 183