Blocking particular page requests – tucok3.php

  • celliottuk

    (@celliottuk)


    10 years, 1 month ago

    My site was badly hacked 3 months ago leaving a back door
    The site is now clean, but the hackers from all over the world are looking for that backdoor
    The backdoor’s name is

    http://www.mysite.com/tucok3.php?q=3urlt0e60j1vv

    Where everything after the “?” changes on each attempt
    I would like to block any request coming in from any browser or IP range that is looking for
    tucok3.php?*
    I have tried to use advanced blocking, but that doesn’t seem to work. I don’t want to use Country blocking, and if I use IP range blocking, all that happens is that the hackers use a different IP range for their next attack

    Any ideas please?

    Thanks

    https://ww.wp.xz.cn/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • wfasa

    (@wfasa)

    10 years, 1 month ago

    Hello celliottuk,
    we do not have this feature at the moment. However, we have a feature request on it and I just found out it will be released with one of the next versions.

    In your particular case I think the best response to a request like that is 404. If this URL has been picked up by search engines you don’t want to block them. You wan’t to give them the correct answer which in server language is “404 File not found”. This will let the search engines know they should forget about that URL.

    To verify which response code the URL is generating, have a browser console open while attempting to load one of those URLs (you might need to select the “Net” panel in the console).

Viewing 1 replies (of 1 total)

The topic ‘Blocking particular page requests – tucok3.php’ is closed to new replies.