Foreign bots hitting a non-existent "node" directory in my site

  • Any idea why foreign bots keep trying to access a non-existent “node” directory on my WP install? Every day there are dozens of foreign IPs hitting my site trying to access “/node/”, “/1/”, “/17/”, “/node/1/” or “/node/17/”. Every day I block the IPs in htaccess and the next day there’s another set of foreign IPs trying the same directories. Its been going on for a couple weeks.

Viewing 3 replies - 1 through 3 (of 3 total)

  • That’s bots (as you know) and they are searching for Drupal weaknesses. The /node/ page URL’s are standard for Drupal.

    And yes, you will keep on getting hits trying. I’ve got thousands of IP’s blocked on the servers that we look after, and they still keep coming. It will slow up as soon as the bots start to get the message that all of the URl’s that the try are 401’s, but some bots don’t recognse this and jsut keep on trying.

    Thread Starter atdblog

    (@atdblog)

    Would I see any benefit blocking them by that url? Something like:

    # REDIRECT SPAMMER ATTACKS TO BOGUS SITE
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} node
RewriteRule ^/?$ https://www.nixbla.com/ [R=301,L]
RewriteCond %{QUERY_STRING} 1
RewriteRule ^/?$ https://www.nixbla.com/ [R=301,L]
RewriteCond %{QUERY_STRING} 17
RewriteRule ^/?$ https://www.nixbla.com/ [R=301,L]
</IfModule>

    Not sure if that directory “1” statement would work.

    You probaly would. You’ should only see any issues if you have something that is undera /node/ directory on your site now. And ifit was me I’d do it as a wildcard, so (not tested and I have been known to break stuff badly with .htaccess…):

    RewriteRule ^node/([0-9]*)$ - [F]

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Foreign bots hitting a non-existent "node" directory in my site’ is closed to new replies.

Tags