I am running a wordpress website with high traffic, my server load gets very high and while checking apache status i found flood of wordpress searches like this
/?s=\"khabarnaak\"&id=39790 HTTP/1.0
Now this doesn’t looks like a normal search, is this some kind of attack ? or some issue with plugin ?
How can i dig into it or find a root cause
1 Answer
I’m sure you’ve googled ‘khabarnaak’ – it’s a Pakistani talk show.
It’s more likely to be an automated scraper trying to find content rather than an attack. The request does not look like it has been crafted for a WordPress site.
Two ways to stop it are:
-
Block the IPs making the request. Add ‘Deny from XX.XX.XX.XX’ to your htaccess file, replacing XX.XX.XX.XX with the IP address. You need to be careful that you don’t block valid requests using this method by checking the logs
-
Block the request itself. Add the following to your htaccess file:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} ^.*(s=\"khabarnaak\").* [NC] RewriteRule ^(.*)$ - [F,L] </IfModule>(untested)
Here is a good article about blacklisting methods: https://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/
