Curbing the script kids

On my main photography site, I’m using a Redirection plugin to track 404 errors and create redirects within WordPress. I do that because my site went through some restructuring over the years, to keep search engines happy, and to find and fix my own screw-ups and typos. 🙂

Most recently, I noticed a dramatic increase in errors that obviously come from scripts that are scanning sites for leftover backup archives, installation archives, database dumps, stuff like that. Normally, I have a single page of 404 error log entries in a day. That’s 100 log entries, which is quite easily manageable, even though there’s a lot of crap in there from similar vulnerability scans. Today though, I had 35 pages or 3500 log entries – not that manageable anymore…

So it was time to do something about it, and send the most obvious offenders away via .htaccess before they reach WordPress. That way, the 404 logs I see in the WordPress plugin are “clean enough” again for me to scan them for stuff that needs fixing.

Here’s what I added to my .htaccess file:

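# Deny any request whose file name contains one of these strings.
# Order/Deny is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat.
<FilesMatch "(N0W|rededd|dump\.|\.sql|htdocs|localhost\.|\.tar|\.7z)">
    Order allow,deny
    Deny from all
</FilesMatch>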

The “N0W” and “rededd” strings aren’t actually part of those scans for data files, but I saw them appear so often that I thought I might as well block them too.

And so far, so good! My logs are much cleaner. I’ll keep an eye on them and will update the file group pattern above if necessary.

Note: Well, I’m not really good at this RegEx stuff. If you see any potential problem with it – please let me know in a comment. Thanks!
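
To check the pattern for the kind of problem the note above asks about, this added example (not part of the original post) runs it over constructed file names the way FilesMatch does, unanchored against the file name, and compares it with a tighter variant. The sample paths, the TIGHT pattern and the helper names are assumptions; it also assumes each file sits in an existing directory, so that Apache tests the last path component.

```python
import re

# Pattern copied from the FilesMatch block above. Apache searches for it,
# unanchored, in the file name (last path component) of the request.
PAGE = r"(N0W|rededd|dump\.|\.sql|htdocs|localhost\.|\.tar|\.7z)"
# Assumption: a tighter variant for comparison. Keywords must start the name
# and extensions must end it (optionally followed by .gz or .bz2).
TIGHT = r"(N0W|rededd|^(dump|htdocs|localhost)\.|\.(sql|tar|7z)(\.(gz|bz2))?$)"

# Constructed sample requests: (path, True if it is legitimate site content).
SAMPLES = [
    ("/backup.sql", False),
    ("/htdocs.tar.gz", False),
    ("/localhost.zip", False),
    ("/dump.rar", False),
    ("/db_dump.zip", False),
    ("/wp-content/site.7z", False),
    ("/N0W", False),
    ("/photos/garbage-dump.jpg", True),
    ("/photos/milky-way.tarantula-nebula.jpg", True),
    ("/about.html", True),
]

def denied(pattern, path):
    """Mimic FilesMatch: search for the pattern in the file name only."""
    name = path.rstrip("/").rsplit("/", 1)[-1]
    return re.search(pattern, name) is not None

def audit(pattern):
    """Return (legitimate paths that get blocked, probe paths that get through)."""
    overblocked = [p for p, legit in SAMPLES if legit and denied(pattern, p)]
    missed = [p for p, legit in SAMPLES if not legit and not denied(pattern, p)]
    return overblocked, missed

if __name__ == "__main__":
    for label, pattern in (("page", PAGE), ("tight", TIGHT)):
        overblocked, missed = audit(pattern)
        print(f"{label}: overblocked={overblocked} missed={missed}")
```

The page's pattern catches every probe in the sample but also denies two legitimate photo names, because "dump." and ".tar" match anywhere in the name; the tighter variant stops that at the cost of letting "/db_dump.zip" through to the 404 log.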
