简体繁体 English

阻止漫游器访问wp-login.php

[英]Block bots accessing wp-login.php

原文 2016-08-30 18:14:30 5 1 php/ .htaccess/ bots/ blocking

I've launched my first real website last week and after analyzing the logs, I found that some bots are searching for vulnerabilities in the website. 上周，我启动了我的第一个真实网站，在分析日志后，我发现一些机器人正在搜索该网站中的漏洞。

For example, somes are calling ajax web pages without being on the website. 例如，有些人在不访问网站的情况下调用ajax网页。 Others are trying to access to the wp-login.php page even if the website is not powered by Wordpress. 即使该网站不是由Wordpress驱动的，其他人仍试图访问wp-login.php页面。 Actually, the first ones have been able to produce an error on the website which is why I've looked threw the logs. 实际上，第一个已经能够在网站上产生错误，这就是为什么我看过扔日志的原因。

I came to an idea of a script which everytime an IP hits the wp-login.php page, I add it to the .htaccess file to block the IP. 我想到了一个脚本，每当IP到达wp-login.php页面时，我便将其添加到.htaccess文件中以阻止IP。

Is it a great solution to fight against these bots ? 对抗这些机器人是一个很好的解决方案吗？ What would you do ? 你会怎么做？

1 个解决方案

Is your website powered by wordpress or not? 您的网站是否由wordpress驱动？

If it is not, and they are just getting "404 not found" for the file, then i would not worry to much about it yet as most will just move on after seeing these files do not exist. 如果不是，他们只是为文件找到“ 404 not found”，那么我就不用担心了，因为大多数人会在看到这些文件不存在后继续前进。 There are literally millions and millions of rogue bots on the web probing for these common file paths. 实际上，网络上有数以百万计的流氓机器人正在探查这些常见文件路径。

What you need to learn is .HTaccess and PHP. 您需要学习的是.HTaccess和PHP。 (if your server has these things.) （如果您的服务器有这些东西。）

You definitely do not want to add just single IP addresses into your .HTaccess file. 您绝对不希望仅将单个IP地址添加到您的.HTaccess文件中。 This should be reserved for large block ranges of IP addresses, most of which should be data center block IP's, and not ISP blocks. 这应该保留给IP地址的大块范围，其中大多数应该是数据中心块IP，而不是ISP块。

There is no simple answer to blocking bots as there is a different solution for the many scenarios in different environments. 对于阻止僵尸程序没有简单的答案，因为针对不同环境中的许多方案存在不同的解决方案。

Bottom line here is if you yourself want to do the blocking, it will require you to learn actual server side scripting languages, and other server security measures. 底线是如果您自己想执行阻止，它将要求您学习实际的服务器端脚本语言和其他服务器安全措施。 Also you could use Javascript for certain filters as well. 您也可以将Javascript用于某些过滤器。

If you are on Apache server - learn some .HTaccess and PHP. 如果您使用的是Apache服务器-请学习一些.HTaccess和PHP。 Those 2 are invaluable to you. 那两个对您来说是无价的。 They will give you GOD status over your environment. 它们将为您提供整个环境中的上帝状态。