shell.php user.php fake .php

  • Resolved startechmarketing

    (@startechmarketing)


    1 year ago

    How do I block attempts to access non-existant .php files, in the rank-math 404 monitor have 2,000 + items with alfa.php, xleet.php, user.php, init.php etc . should I be concerned ? How can I protect my site from things like this ?

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author AITpro

    (@aitpro)

    Those are standard Bot recon probes to check if your website is hacked. 99% of hacking is automated using Bots. You can ignore those 404 errors since the hacker files don’t exist and Google will not penalize you for those 404 errors.

    Thread Starter startechmarketing

    (@startechmarketing)

    Thanks for the response. In the last few hours I see things like /admin/login.tx and .well-known/acme-challenge

    If I have a list of these is there a way to block the bots that are looking for non-existant files and folders ?

    Plugin Author AITpro

    (@aitpro)

    Hacker bot probes occur every day all day long. You don’t need to be concerned about them at all. I will post some htaccess code to block these bot probes, but what is most important for you to understand is the bot probes are meaningless and do not cause any problems for websites. So the best thing to do is just to ignore them.

    This code will block specific filenames. Replace filename.php with the actual filenames you would like to block. Filenames are separated by the pipe operator | which means “or” in htaccess code. Add this code in BPS Root Custom Code text box: 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE

    Click the Save Root Custom Code button to save the code. Activate Root folder BulletProof Mode to have this code written to your root htaccess file. You will repeat that process each time you edit this code.

    # BEGIN BPS DENY ACCESS TO FILES
<FilesMatch "^(filename\.php|filename\.php|filename\.php)">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
</IfModule>
</IfModule>
</FilesMatch>
# END BPS DENY ACCESS TO FILES
    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.

    Thread Starter startechmarketing

    (@startechmarketing)

    Thanks I am afraid to try your code as I was told by my host problems with updating plugins was due to code like this.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘shell.php user.php fake .php’ is closed to new replies.