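The common denominator has been that the User-Agent header is empty in the HTTP requests. This makes it easy to block all requests that do not have a User-Agent. Keep in mind that this only stops clients that send no User-Agent at all: a scanner can set any string it likes, and some legitimate clients (health checks, scripts) send none, so check your access logs before enforcing the rule. The following configuration blocks such requests with the NGINX web server:
52.164.122.230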
52.169.149.155
52.164.216.223
52.164.120.61
52.138.223.216
13.79.162.104
# nginx: drop requests whose User-Agent header is empty or missing
# ($http_user_agent evaluates to an empty string in both cases).
# 444 is nginx's non-standard code: the connection is closed without
# sending any response. Belongs inside a server or location block.
if ($http_user_agent = "") { return 444; }
# Apache mod_rewrite: refuse requests that carry no User-Agent.
RewriteEngine on
# Matches when the User-Agent header is empty (an absent header expands to an empty string).
RewriteCond %{HTTP_USER_AGENT} ^$
# "-" leaves the URL unchanged; [F] answers 403 Forbidden.
RewriteRule .* - [F]

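These URLs are likely to target existing vulnerabilities in WordPress and other PHP scripts. Several of the names (for example /wso.php, /alfa.php and /shell.php) look like web shell file names, so a successful (200) response to any of them on your own site is worth investigating.
/css.php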
/chosen.php
/ioxi-o.php
/flower.php
/file.php
/new.php
/lol.php
/wp-conflg.php
/app.php
/wp-admin/css/colors/blue/index.php
/about/function.php
/wp-admin/network/network.php
/admin.php
/classwithtostring.php
/wp-includes/wp-class.php
/wp-admin/css/about.php
/aa.php
/wp-content/admin.php
/wso.php
/wp-content/uploads/
/wp-content/uploads/about.php
/lock360.php
/xx.php
/mah/function.php
/autoload_classmap.php
/we.php
/v.php
/wp-content/cache/index.php
/wp-includes/blocks/button/index.php
/wp-includes/assets/index.php
/wp-includes/Requests/library/
/wp-includes/Text/about.php
/atomlib.php
/wp-admin/classwithtostring.php
/goods.php
/wp-admin/css/colors/coffee/index.php
/wp-signup.php
/admin/function.php
/cc.php
/manager.php
/wp-includes/block-supports/index.php
/images/class-config.php
/wp-content/about.php
/wp-includes/blocks/block/
/yox.php
/wp-signin.php
/wp-content/plugins/wp-conflg.php
/makeasmtp.php
/item.php
/help.php
/wp-file.php
/wp-includes/PHPMailer/
/wp-admin/users.php
/wp-admin/maint/index.php
/wp-admin/js/index.php
/wp-content/themes/about.php
/wp-includes/customize/index.php
/wp-includes/css/dist/block-library/
/wp-admin/network/index.php
/revision.php
/news.php
/wp-cron.php
/mari.php
/wp-content/uploads/2023/08/
/wp-content/plugins/index.php
/wp-includes/Requests/library/index.php
/wp-admin/user/about.php
/randkeyword.PhP7
/12.php
/class.php
/wp-admin/css/colors/blue/admin.php
/mar.php
/wp-class.php
/he.php
/wp-content/plugins/about.php
/alfa.php
/wi.php
/wp-admin/includes/xmrlpc.php
/cloud.php
/about.php
/wp-content/uploads/de_fb_uploads/b.php
/doc.php
/wp-includes/rest-api/
/defaults.php
/403.php
/wp-includes/ID3/index.php
/yanz.php
/admin/controller/extension/extension/
/.well-known/gecko-litespeed.php
/.well-known/acme-challenge/doc.php
/wp-admin/network/plugins.php
/wp-admin/about.php
/z.php
/cgi-bin/index.php
/go.php
/init.php
/wp-links.php
/as/function.php
/k.php
/hehehehe.php
/ab.php
/al.php
/shx.php
/wp-includes/style-engine/about.php
/wp-admin/css/colors/sunrise/
/wp-includes/certificates/about.php
/themes.php
/wp-content/themes/index.php
/www.php
/wp-content/themes/wp-pridmag/init.php
/wp-includes/js/tinymce/skins/lightgray/img/index.php
/mariju.php
/wp-admin/css/index.php
/wp-includes/css/index.php
/sim.php
/wp-content/atomlib.php
/ini.php
/wp-login.php
/wp-includes/php-compat/
/wp-activate.php
/wp-includes/js/tinymce/skins/wordpress/images/index.php
/wp-includes/admin.php
/special.php
/wp-admin/user/index.php
/css/admin.php
/wp-admin/maint/about.php
/temp.php
/.tmb/cloud.php
/g.php
/error_log.php
/2.php
/readme.php
/fw.php
/wp-admin.php
/wp-includes/wp-includes_function.php
/wp-configs.php
/123.php
/wp-includes/SimplePie/
/license.php
/Alfa.php
/sh.php
/style.php
/wp-includes/autoload_classmap.php
/9.php
/marijuana.php
/wp-includes/customize/about.php
/.well-known/acme-challenge/index.php
/shell.php
/wp-content/uploads/autoload_classmap.php
/wso112233.php
/cong.php
/s.php
/wp-corn-sample.php
/wp-includes/customize/chosen.php
/fx.php
/settings.php
/wp-info.php
/css/dmtixucz/golden-access/
/contents.php/lv.php
/cgi-bin/xmrlpc.php
/wp-admin/user/cloud.php
/.well-known/acme-challenge/makeasmtp.php
/samll.php
/wp-admin/js/widgets/xmrlpc.php
/admin/index_upload.php
/admin/controller/extension/extension/ultra.php
/wp-admin/license.php
/wp-admin/css/wp-login.php
/wp-content/uploads/cache.php
/radio.php
/.well-known/acme-challenge/themes.php
/wp-content/db-cache.php
/webadmin.php
/TNT.php
/wp-includes/pomo/about.php
/jp.php
/wp-includes/css/tj.php
/gc.php
/alfa-rex.php7
/wp-includes/css/dist/block-library/admin.php
/cgi-bin/wp-login.php
/1.php7
/.well-known/acme-challenge/mariju.php
/mcs.php
/server.php
/wp-admin/images/about.php
/.well-known/acme-challenge/about.php
/wander.php
/.well-known/about.php
/wp-includes/js/codemirror/about.php
/system_log.php
/wp-content/languages/about.php
/wp-admin/css/colors/about.php
/wp-content/plugins/linkpreview/index.php
/wp-admin/images/install.php
/wp-admin/css/colors/ectoplasm/admin.php
/wp-trackback.php
/wp-logout.php
/wp-admin/css/colors/midnight/admin.php
/wp-admin/images/profile.php
/wp-admin/alfa.php
/wp-content/plugins/atomlib.php
/wp-includes/Text/Diff/Engine/index.php
/wp-content/uploads/wp-login.php
/avaa.php
/cd.php
/bypass.php
/indeex.php
/pi.php
/as.php
/wp-seo.php
/nakrip.php
/gebase.php69
/wsa.php
/jquery.php
/wp-admin/file.php
/.well-known/pki-validation/parx.php
/wp.php
/wp-admin/css/colors/midnight/colors.php
/config.php
/1bwqtre/admin.php
/wp-includes/IXR/allez.php
/ws.php
/x.php
/1index.php
/thumbs.php
/wp-includes/SimplePie/index.php
/menu.php
/xmlrpc.php
/wp-content/updates.php
/raf.php
/backup.php
/by.php
/sx.php
/nf.php
/wp-admin/maint/edit.php
/dav.php
/fi2.php
/admin.php1
/wp-content/gallery/about.php
/moon.php
/files.php
/wp-includes/IXR/about.php
/epinyins.php
/meta.php
/update.php
/wp-admin/css/colors/blue/about.php
/wp-content/x/index.php
/network.php
/wp-content/uploads/2023/08/admiin.php
/a.php
/aaa.php/getid3-core.php
/wp-includes/fonts/index.php
/cron.php HTTP/1.1" 200 43 "-" "-"
/.tmb/admin.php
/theme.php
/.well-known/acme-challenge/admin.php
/wp-content/themes/alera/alpha.php
/bi.php
/wp-includes/SimplePie/about.php
/wp-content/file.php
/iR7SzrsOUEP.php
/filter.php
/adminer.php
/wp-content/uploads/wpr-addons/forms/RxRzhwix.php
/wp-admin/css/colors/blue/blkafewl.php
/alfa-rexhp1.p
/wp-content/plugins/simple/simple.php
/wp-content/plugins/pwnd/as.php
/.well-known/pki-validation/afnew.php
/wp-admin/style.php
/setup-config.php
/gecko.php
/wp-admin/wp-admin.php
/hinfofuns.php
/files/index.php
/wp-content/themes/sky-pro/js.php
/admin-header.php
/wp-content/languages/index.php
/wp-admin/css/fw.php
/st.php
/xmrlpc.php
/system.php
/cgi-bin/radio.php
/wp-content/plugins/core-plugin/include.php
/wp-admin/js/admin.php
/text.php
/google.php
/upload/login.php
/credits.php
/Marvins.php
/randkeyword.php
/wp-content/upgrade/index.php
/wp-content/plugins/pwnd/dropdown.php
/plugins.php
/function.php
/wp-admin/css/admin.php
/wp-content/uploads/2023/admiin.php
/wp-content/plugins/dummyyummy/wp-signup.php
/gecko-new.php
/xxx.php
/templates/beez3/index.php
/images.php
/wp-content/plugins/wp-help/admin/wp-fclass.php
/wp-index.php
/back.php
/wp-content/plugins/pwnd-1/dropdown.php
/default.php
/wp-content/plugins/admin.php
/wp-admin/admin.php
/about.PHP
/wp-content/themes/astra/inc/ki1k.php
/ge.php
/updates.php
/sim.php/wp-includes/certificates/plugins.php
/hehe.php
/browse.php
/f35.php
/buy.php
/html.php
/wp-content/uploads/setup
/wp-admin/css/colors/ocean/admiin.php
/config.php7
/ova-tools.php
/.well-known/index.php
/data.php
/fox.php
/templates/atomic/error.php
/wp-includes/ID3/module.tag.id3v3.php
/header.php
/xml.php
/wp-content/uploads/2025/03/themes.php
/wp-admin/includes/about.php
/wp2.php
/wp-includes/IXR/wp-login.php
/wp-content/themes/Divi/includes/widgets/wp-blog.php
/wp-admin/css/colors/light/about.php
/.well-known/pki-validation/xmrlpc.php
/users.php
/.well-known/pki-validation/install.php
/mini.php
/wp-content/uploads/admiin.php
/admin/admin.php
/wp-admin/css/colors/ocean/
/b.php
/02.php
/wp-includes/index.php
/alfanew.php
/favicon.php
/lv.php
/log.php
/edit.php
/wp-content/uploads/2014/03/smile.php
/wp-includes/js/tinymce/utils/
/max.php
/wp-includes/css.php
/.well-known/lofmebwd.php
/cgi-bin/about.php
/.well-known/pki-validation/
/wp-includes/widgets/about.php
/wp-admin/images/index.php
/admin/wp-signup.php
/wp-includes/ID3/
/wp-admin/js/about.php
/wp-includes/Text/Diff/Engine.php
/y.php
/wp-includes/ID3/about.php
/wp-content/plugins/envato-market/inc/class-envato-market-github.php
/wp-admin/network/about.php
/wp-includes/pomo/
/wp-includes/images/include.php
/gzak2w.php
/v4.php
/.well-known/file.php
/wp-includes/Text/lv.php
/wp-admin/includes/users.php
/shop.php
/index/function.php
/wp-includes/Text/autoload_classmap.php
/wp-core.php
/wp-includes/css/dist/widgets/
/templates/atomic/templates.php
/error.php
/f.php
/wp-includes/js/jcrop/Jcrop.php
/wp-admin/includes/index.php
/.well-known/acme-challenge/radio.php
/wp-content/themes/seotheme/mar.php
/lib.php
/alfanew.PHP7
/wp-includes/Requests/about.php
/wp-content/plugins/ubh/1.php
/wp-l0gin.php
/plugin.php
/repeater.php
/wp-includes/js/codemirror/index.php
/wp-cache.php
/vv.php
/content.php
/wp-content/plugins/wordfence/js/
/wp-admin/css/colors/ocean/index.php
/images/k.php
/wp-includes/block-patterns/about.php
/themes/zMousse/otuz1.php
/access.php
/wp-api.php
/wp-files.php
/x/index.php
/wp-admin/maint/admin.php
/wp-content/plugins/seoo/ulc2.php
/aaa.php
/wp-admin/css/colors/blue/
/delpaths.php
/fm2.php
/wp-content/plugins/wso.php
/wp-content/install.php
/wp-includes/install.php
/wp-includes/blocks/about.php
/cljntmcz.php
/wp-admin/css/colors/index.php
Happy hacking,
Santeri