"Anyone running a non-wordpress site will testify to that."
Yes, indeed. I have run my own web/mailserver from home for years as a hobby, and do not use PHP (or even have it installed). The amount of hits you get with bots (and I think compromised MS machines) looking for wp php files is a pain.
A few years ago I got fed up with this nonsense, so knocked up a bit of perl that tails httpd access_log for such requests - if found, a bit of perl regex grabs the ip, then adds it to IPSETS group - instant firewall drop forever until I clear the IPSET.
Now, one strange thing is these 'bots' (or rather the code that does it) seems to be intelligent, and once dropped, it seems to remember - as I clean out and reset my firewall sometimes, the same IP's never come back - but new ones do. I will have to do some proper analysis on it one day
I run similar code on my mail server logs too for 'other' type bots.
FYI I last cleared it out and reset 5th June 2016 - here is the captured IP's since:
46.118.158.214 httpd Sun Jun 5 12:29:17 2016
157.55.39.56 httpd Sun Jun 5 13:57:17 2016
133.130.124.174 httpd Sun Jun 5 13:57:22 2016
207.46.13.150 httpd Sun Jun 5 13:58:49 2016
51.254.97.219 httpd Sun Jun 5 14:35:11 2016
212.83.177.193 httpd Sun Jun 5 16:03:56 2016
5.9.89.170 httpd Sun Jun 5 16:09:49 2016
69.30.198.178 httpd Sun Jun 5 16:19:27 2016
136.243.152.18 httpd Sun Jun 5 17:14:30 2016
51.254.129.9 httpd Sun Jun 5 19:41:22 2016
157.55.39.205 httpd Sun Jun 5 20:28:26 2016
5.9.73.227 httpd Sun Jun 5 20:31:14 2016
162.210.196.100 httpd Sun Jun 5 23:08:18 2016
51.254.215.143 httpd Mon Jun 6 03:10:05 2016
5.249.157.205 httpd Mon Jun 6 05:35:40 2016
40.77.167.33 httpd Mon Jun 6 06:09:06 2016
190.7.136.147 httpd Mon Jun 6 08:57:51 2016
199.58.86.206 httpd Mon Jun 6 12:14:57 2016
207.46.13.117 httpd Mon Jun 6 12:40:24 2016
207.46.13.128 httpd Mon Jun 6 12:57:29 2016
62.210.90.118 httpd Mon Jun 6 13:32:46 2016
157.55.39.100 httpd Mon Jun 6 14:29:09 2016
178.0.26.166 httpd Mon Jun 6 15:15:16 2016
109.248.32.78 httpd Mon Jun 6 16:51:17 2016
157.55.39.208 httpd Mon Jun 6 18:56:04 2016
157.55.39.179 httpd Mon Jun 6 22:03:25 2016
178.211.164.180 httpd Mon Jun 6 23:53:44 2016
207.46.13.180 httpd Tue Jun 7 00:05:58 2016
1.55.245.42 httpd Tue Jun 7 01:15:40 2016
40.77.167.12 httpd Tue Jun 7 02:42:36 2016
178.162.211.200 httpd Tue Jun 7 02:59:22 2016
103.231.44.52 smtpd Tue Jun 7 09:34:16 2016
157.55.39.148 httpd Tue Jun 7 11:33:48 2016
91.200.12.132 httpd Tue Jun 7 13:18:25 2016
69.197.177.50 httpd Tue Jun 7 20:33:49 2016
207.46.13.105 httpd Tue Jun 7 20:35:22 2016
144.76.93.46 httpd Tue Jun 7 20:42:42 2016
51.254.32.82 httpd Tue Jun 7 21:34:10 2016
188.126.129.20 httpd Tue Jun 7 22:02:18 2016
181.143.8.34 httpd Tue Jun 7 22:10:46 2016
106.184.3.122 smtpd Tue Jun 7 22:17:17 2016
62.210.107.201 httpd Tue Jun 7 22:25:19 2016
5.9.111.70 httpd Tue Jun 7 23:40:23 2016
157.55.39.28 httpd Wed Jun 8 00:08:55 2016
51.254.129.91 httpd Wed Jun 8 02:29:19 2016
51.254.141.30 httpd Wed Jun 8 03:15:36 2016
157.55.39.213 httpd Wed Jun 8 07:05:58 2016
71.6.165.200 smtpd Wed Jun 8 08:00:40 2016
69.197.177.26 httpd Wed Jun 8 08:04:28 2016
195.154.185.20 httpd Wed Jun 8 15:32:17 2016
142.54.184.90 httpd Wed Jun 8 16:51:53 2016
183.182.100.26 smtpd Wed Jun 8 17:14:12 2016
208.100.26.231 smtpd Wed Jun 8 23:36:36 2016
104.41.203.153 httpd Wed Jun 8 23:56:00 2016
40.77.167.6 httpd Thu Jun 9 09:18:38 2016
169.229.3.91 httpd Thu Jun 9 10:13:03 2016
144.76.29.162 httpd Thu Jun 9 19:41:56 2016
46.4.32.75 httpd Thu Jun 9 20:49:59 2016
144.76.7.107 httpd Thu Jun 9 21:06:52 2016
51.254.32.67 httpd Fri Jun 10 00:15:29 2016
149.202.54.5 httpd Fri Jun 10 01:22:23 2016
143.202.77.99 httpd Fri Jun 10 04:40:51 2016
195.154.187.115 httpd Fri Jun 10 04:43:25 2016
51.255.194.31 httpd Fri Jun 10 05:14:35 2016
157.55.39.225 httpd Fri Jun 10 09:19:22 2016
5.39.216.131 httpd Fri Jun 10 15:39:39 2016
157.55.39.147 httpd Fri Jun 10 15:55:12 2016
Nick
|