My wordpress has the following .htacess file :
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .php /index.php [L,R=404]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have been recently seeing these URLs in error.log
[Wed Aug 31 04:02:28 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:02:32 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:02:32 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:02:32 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:02:32 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:19:40 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:19:42 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:19:42 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:19:42 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 04:19:42 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 08:53:30 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 08:53:32 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 08:53:32 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 08:53:32 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 08:53:32 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 10:30:24 2011] [error] [client 124.124.204.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 10:31:12 2011] [error] [client 124.124.204.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 10:31:12 2011] [error] [client 124.124.204.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 10:31:12 2011] [error] [client 124.124.204.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Aug 31 10:31:12 2011] [error] [client 124.124.204.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
Problem is every time this URL hits our server it goes to WordPress (see .htaccess rules) which scans the db for pages matching this. This is causing an unnecessary spike on the server which is causing apache to segfault.
How can i prevent this URL from hitting Wp?
May be you want to block this kind of accesses via iptables. Just go to your server with root account via ssh and type:
The
F
flag sends a403 Forbidden
response when the rule matches:Add this just after
RewriteBase /
.BTW the
[error] client sent HTTP/1.1 request without hostname
errors suggest that apache is replying with a400 Bad request
status and these requests don’t even hit wordpress.