One VPC instance had CPU usage persistently above 80%. On inspection the cause turned out to be php-fpm, so I dealt with it.
The access log showed:
143.92.34.188 – – [01/Oct/2024:07:10:12 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "Mozilla/5.0 (Linux;u;Android 4.2.2;zh-cn;)"
143.92.34.188 – – [01/Oct/2024:07:10:13 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html\xA1\xB1)"
143.92.34.188 – – [01/Oct/2024:07:10:13 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "msnbot/1.0 (+http://search.msn.com/msnbot.htm\xA1\xB1)"
143.92.34.188 – – [01/Oct/2024:07:10:14 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html\xA3\xA9"
143.92.34.188 – – [01/Oct/2024:07:10:15 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "AppleWebKit/534.46 (KHTML,like Gecko) Version/5.1 Mobile Safari/10600.6.3"
143.92.34.188 – – [01/Oct/2024:07:10:16 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
143.92.34.188 – – [01/Oct/2024:07:10:19 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp\xA1\xB1)"
143.92.34.188 – – [01/Oct/2024:07:10:21 +0800] "POST /xmlrpc.php HTTP/1.1" 200 414 "http://www.****.top:1080" "iaskspider/2.0(+http://iask.com/help/help_index.html\xA1\xB1)"
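This is probably PHP RPC, with someone trying to crack my password. Either way, I took the blunt approach and turned it off first, since I don't use it anyway.
I added the following to functions.php: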
add_filter('xmlrpc_enabled','__return_false');
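Update, October 7, 2024
The log still shows POST /xmlrpc.php. The filter only changes how WordPress answers; nginx still logs every request and passes it to php-fpm.
In the end I decided to add the following to nginx to keep attackers from reaching xmlrpc.php and wp-login.php: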
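# Regex locations are tried in file order: keep these above any "location ~ \.php$" block.
location ~* /xmlrpc\.php {
    deny all;
}
# "deny all" also blocks your own logins; add an "allow" line for your own address before it if needed.
location ~* /wp-login\.php {
    deny all;
}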
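To see which clients are hammering these endpoints and to confirm that the deny rules took effect (403 instead of 200), the access log can be summarized per address. This is an added example, not part of the original post; the function names, the thresholds and the sample log lines (documentation IP ranges, made-up user agents) are assumptions.

```python
import re
from collections import defaultdict

# nginx "combined" format, the layout of the log lines quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>.*)"$')
WATCHED = ("/xmlrpc.php", "/wp-login.php")

def summarize(lines):
    """Per (ip, endpoint): POST count, distinct user agents, status codes."""
    stats = defaultdict(lambda: {"posts": 0, "agents": set(), "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].lower()
        endpoint = next((w for w in WATCHED if path.endswith(w)), None)
        if endpoint:
            entry = stats[(m["ip"], endpoint)]
            entry["posts"] += 1
            entry["agents"].add(m["ua"])
            entry["statuses"].add(int(m["status"]))
    return dict(stats)

def rotating_clients(stats, min_posts=5, min_agents=3):
    """One address sending many POSTs under several user agents."""
    return sorted(k for k, v in stats.items()
                  if v["posts"] >= min_posts and len(v["agents"]) >= min_agents)

def not_blocked(stats):
    """Keys that got any answer other than 403, i.e. the deny rule did not apply."""
    return sorted(k for k, v in stats.items() if v["statuses"] - {403})

def sample_log(status):
    """Constructed sample: documentation addresses, made-up user agents."""
    agents = ["Googlebot/2.1", "msnbot/1.0", "Mozilla/5.0 (Linux)", "Baiduspider/2.0"]
    fmt = '{ip} - - [01/Oct/2024:07:10:{s:02d} +0800] "{req} HTTP/1.1" {st} 414 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.7", s=i, req="POST /xmlrpc.php", st=status,
                        ua=agents[i % 4]) for i in range(8)]
    lines.append(fmt.format(ip="198.51.100.20", s=30, req="GET /", st=200, ua="Mozilla/5.0"))
    lines.append(fmt.format(ip="198.51.100.20", s=31, req="POST /wp-login.php", st=status,
                            ua="Mozilla/5.0"))
    return lines

if __name__ == "__main__":
    for label, status in (("before deny", 200), ("after deny", 403)):
        stats = summarize(sample_log(status))
        print(label, rotating_clients(stats), not_blocked(stats))
```

On a real server, pass the lines of the nginx access log to summarize() instead of the constructed sample.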