Wiki

User Tools

Site Tools

Trace:
linux:debug_charge:exemple_grep_ip_serveur_web

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:debug_charge:exemple_grep_ip_serveur_web [2020/05/05 21:07] Philippe Robertlinux:debug_charge:exemple_grep_ip_serveur_web [2020/05/05 21:27] (current) – [Semrush / SemrushBot] Philippe Robert
Line 31: Line 31:
   * Bloquer l'adresse IP (54.36.38.246 dans notre example) avec le firewall du serveur.   * Bloquer l'adresse IP (54.36.38.246 dans notre example) avec le firewall du serveur.
  
-===== Semrush =====+==== wp-login.php ==== 
 +<code> 
 +/var/log/httpd/domains/mon-domaine.xxx.log:840:13.82.87.18 - - [05/May/2020:06:38:39 +0200] "POST /wp-login.php HTTP/1.1" 200 2477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:841:13.82.87.18 - - [05/May/2020:06:38:41 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:842:13.82.87.18 - - [05/May/2020:06:38:43 +0200] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:851:111.231.141.206 - - [05/May/2020:06:45:18 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:852:111.231.141.206 - - [05/May/2020:06:45:20 +0200] "POST /wp-login.php HTTP/1.1" 200 2477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:853:111.231.141.206 - - [05/May/2020:06:45:21 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:854:111.231.141.206 - - [05/May/2020:06:45:25 +0200] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:866:162.243.27.248 - - [05/May/2020:06:54:46 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:867:162.243.27.248 - - [05/May/2020:06:54:52 +0200] "POST /wp-login.php HTTP/1.1" 200 2477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:868:162.243.27.248 - - [05/May/2020:06:54:58 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:869:162.243.27.248 - - [05/May/2020:06:55:03 +0200] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:877:185.120.147.145 - - [05/May/2020:07:05:26 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:878:185.120.147.145 - - [05/May/2020:07:05:28 +0200] "POST /wp-login.php HTTP/1.1" 200 2477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:879:185.120.147.145 - - [05/May/2020:07:05:28 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:880:185.120.147.145 - - [05/May/2020:07:05:29 +0200] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:894:206.189.136.156 - - [05/May/2020:07:15:21 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:895:206.189.136.156 - - [05/May/2020:07:15:23 +0200] "POST /wp-login.php HTTP/1.1" 200 2477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:896:206.189.136.156 - - [05/May/2020:07:15:23 +0200] "GET /wp-login.php HTTP/1.1" 200 2346 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +/var/log/httpd/domains/mon-domaine.xxx.log:897:206.189.136.156 - - [05/May/2020:07:15:24 +0200] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 
 +</code> 
 + 
 +Généralement effectués via plusieurs IPs (zombies) sur une période plus ou moins longue. 
 + 
 + 
 +Pour résoudre le problème, vous pouvez: 
 +  * [[wordpress:bloquer_brute_force|Bloquer l'accès au fichier wp-login.php à l'aide d'un fichier .htaccess]]. IMPORTANT DE RENVOYER LA REQUÊTE VERS UN AUTRE SITE QUI N'EST PAS SUR VOTRE SERVEUR...EX: google.com. 
 +  * Bloquer le/les adresses IPs  avec le firewall du serveur. 
 + 
 + 
 +===== Semrush /  SemrushBot=====
 <code> <code>
 /var/log/httpd/domains/mon-domaine.com.log:1224:46.229.168.129 - - [05/May/2020:10:31:09 -0400] "GET /lapis-surabaya-ekonomis/ HTTP/1.1" 302 4327 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)" /var/log/httpd/domains/mon-domaine.com.log:1224:46.229.168.129 - - [05/May/2020:10:31:09 -0400] "GET /lapis-surabaya-ekonomis/ HTTP/1.1" 302 4327 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
Line 55: Line 86:
 /var/log/httpd/domains/mon-domaine.com.log:1340:46.229.168.133 - - [05/May/2020:11:20:28 -0400] "GET /robots.txt HTTP/1.1" 200 4235 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)" /var/log/httpd/domains/mon-domaine.com.log:1340:46.229.168.133 - - [05/May/2020:11:20:28 -0400] "GET /robots.txt HTTP/1.1" 200 4235 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
 /var/log/httpd/domains/mon-domaine.com.log:1341:46.229.168.129 - - [05/May/2020:11:20:29 -0400] "GET /tag/variasi-resep-brokoli/ HTTP/1.1" 302 4327 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)" /var/log/httpd/domains/mon-domaine.com.log:1341:46.229.168.129 - - [05/May/2020:11:20:29 -0400] "GET /tag/variasi-resep-brokoli/ HTTP/1.1" 302 4327 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
 +</code>
  
 +Vous pouvez le blocker à l'aide d'un fichier robots.txt placé à la racine de votre site avec le contenu suivant:
 +
 +<code>
 +User-agent: SemrushBot
 +Disallow: /
 +
 +User-agent: SemrushBot-SA
 +Disallow: / 
 +
 +User-agent: SemrushBot-BA
 +Disallow: / 
 +
 +User-agent: SemrushBot-SI
 +Disallow: / 
 +
 +User-agent: SemrushBot-SWA
 +Disallow: / 
 +
 +User-agent: SemrushBot-CT
 +Disallow: / 
 +
 +User-agent: SemrushBot-BM
 +Disallow: / 
 </code> </code>
 +
 +Il est aussi possible de bloquer les adresses IPs utilisés par Semrush via le Firewall. Parcontre, Semrush utilise une grande quantité d'adresses IPs. Comme dans notre exemple, plusieurs adresses IPs 46.229.168.XXX
 +
 +Idéalement, vous pouvez bannir les plage entière de IPs pour régler le problème. Pour trouver la plage, vous pouvez aller sur le site de [[https://bgp.he.net|BGP Toolkit de Hurricane Electric]] et y entrer une des adresse IP. La plage d'adresse IP sera incrite dans la colonne //Announcement// après votre recherche sur le site du BGP Toolkit (exemple: 46.229.168.0/24)
linux/debug_charge/exemple_grep_ip_serveur_web.1588712865.txt.gz · Last modified: 2020/05/05 21:07 by Philippe Robert