All:
Recently, my AWS-hosted Bitnami WordPress server seems to hang for no reason after a period of time. After some investigation, I found a lot of GET requests with a .jp extension (see the entries from access_log below), and eventually the web server just gets bogged down with them. At first, I thought it was a bot crawler, but setting up a robots.txt denying all agents didn't help. So I concluded that the site was hacked.
I was able to clean the infected index.php, ran some scans, and got rid of other suspicious, backdoor-looking files.
However, I am still getting these requests. I had to obtain a third-party WAF, but has anyone encountered something like this before? Any other solutions? I was considering blocking all the IPs that made these requests as well.
Also, does anyone know why the HTTP codes are all over the place? 200, 301, 302, 404, 504? I am wondering if anyone can help me come up with some way to redirect all these GET requests ending with .jp or _jp to 404, so maybe those bots will stop requesting?
Thanks in advance for any help or tips.
66.249.79.247 - - [06/Oct/2020:08:06:15 +0000] "GET /83748051432533944698/2g1g4m.jp HTTP/1.1" 504 247
40.77.167.83 - - [06/Oct/2020:08:57:28 +0000] "GET /index.php?121341211630390379/ozduc149wi.jp HTTP/1.1" 302 254
40.77.167.183 - - [06/Oct/2020:10:20:46 +0000] "GET /?66941470973990256853%2Fygexu02m_jp HTTP/1.1" 200 22990
40.77.167.219 - - [06/Oct/2020:10:21:52 +0000] "GET /?335876841749628794271%2Fv4fvtr_jp HTTP/1.1" 200 22675
40.77.167.245 - - [06/Oct/2020:10:22:25 +0000] "GET /?5053828928712378990978%2F74sio14id_jp HTTP/1.1" 200 22676
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 302 246
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 301 -
40.77.167.245 - - [06/Oct/2020:10:24:50 +0000] "GET /?5246670320607303%2Fp4co_jp HTTP/1.1" 200 22676
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /index.php?367810711062240/zr357r0.jp HTTP/1.1" 302 248
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /index.php?367810711062240/zr357r0.jp HTTP/1.1" 301 -
207.46.13.127 - - [06/Oct/2020:10:25:43 +0000] "GET /?367810711062240%2Fzr357r0_jp HTTP/1.1" 200 22990
157.55.39.103 - - [06/Oct/2020:10:26:41 +0000] "GET /index.php?1222174486979040544575/y19ql.jp HTTP/1.1" 302 253
157.55.39.103 - - [06/Oct/2020:10:26:43 +0000] "GET /index.php?1222174486979040544575/y19ql.jp HTTP/1.1" 301 -
157.55.39.50 - - [06/Oct/2020:10:27:06 +0000] "GET /index.php?8674473905474605/lqcdqx9zz2y.jp HTTP/1.1" 302 253
157.55.39.50 - - [06/Oct/2020:10:27:06 +0000] "GET /index.php?8674473905474605/lqcdqx9zz2y.jp HTTP/1.1" 301 -
157.55.39.209 - - [06/Oct/2020:10:27:41 +0000] "GET /index.php?64913653844771116387/g5c0q8vl.jp HTTP/1.1" 302 254
157.55.39.209 - - [06/Oct/2020:10:27:41 +0000] "GET /index.php?64913653844771116387/g5c0q8vl.jp HTTP/1.1" 301 -
40.77.167.219 - - [06/Oct/2020:10:28:52 +0000] "GET /?985985155848573994033%2Fvam8yt3l_jp HTTP/1.1" 200 22922
40.77.167.64 - - [06/Oct/2020:10:29:19 +0000] "GET /?8674473905474605%2Flqcdqx9zz2y_jp HTTP/1.1" 200 23011
40.77.167.245 - - [06/Oct/2020:10:30:40 +0000] "GET /?20975465453133912%2Ffkriq05y4pz939wb0z_jp HTTP/1.1" 200 22889
40.77.167.183 - - [06/Oct/2020:10:31:03 +0000] "GET /?66941470973990256853%2Fygexu02m_jp HTTP/1.1" 200 23465
157.55.39.213 - - [06/Oct/2020:10:31:19 +0000] "GET /index.php?62611248134308629/jrsq9actoq.jp HTTP/1.1" 302 253
157.55.39.213 - - [06/Oct/2020:10:31:19 +0000] "GET /index.php?62611248134308629/jrsq9actoq.jp HTTP/1.1" 301 -
60.119.45.85 - - [06/Oct/2020:10:36:51 +0000] "GET /351822957117038374615884/t24f4pmzp5jo31ugjiykxf.jp HTTP/1.1" 404 52183
40.77.167.68 - - [06/Oct/2020:10:37:55 +0000] "GET /index.php?998625841380936277/uv4e.jp HTTP/1.1" 302 248
40.77.167.68 - - [06/Oct/2020:10:37:55 +0000] "GET /index.php?998625841380936277/uv4e.jp HTTP/1.1" 301 -
160.86.119.68 - - [06/Oct/2020:10:38:58 +0000] "GET /index.php?1040743082542785423/uxliq.jp HTTP/1.1" 302 250
160.86.119.68 - - [06/Oct/2020:10:38:58 +0000] "GET /index.php?1040743082542785423/uxliq.jp HTTP/1.1" 301 -
160.86.119.68 - - [06/Oct/2020:10:38:59 +0000] "GET /?1040743082542785423%2Fuxliq_jp HTTP/1.1" 200 24949
207.46.13.84 - - [06/Oct/2020:10:40:09 +0000] "GET /index.php?6272534263242610512/gx40o573.jp HTTP/1.1" 302 253
207.46.13.84 - - [06/Oct/2020:10:40:09 +0000] "GET /index.php?6272534263242610512/gx40o573.jp HTTP/1.1" 301 -
40.77.167.251 - - [06/Oct/2020:10:43:47 +0000] "GET /?62611248134308629%2Fjrsq9actoq_jp HTTP/1.1" 200 22644
40.77.167.219 - - [06/Oct/2020:10:44:04 +0000] "GET /?64913653844771116387%2Fg5c0q8vl_jp HTTP/1.1" 200 22648
216.218.191.195 - - [06/Oct/2020:10:44:31 +0000] "GET /86401079123078/mahvgj7zmmvqt5rg1y.jp HTTP/1.1" 302 248
216.218.191.195 - - [06/Oct/2020:10:44:31 +0000] "GET /86401079123078/mahvgj7zmmvqt5rg1y.jp HTTP/1.1" 404 52183
157.55.39.209 - - [06/Oct/2020:10:44:49 +0000] "GET /index.php?522295860887671235/ue41aslsxb8f9.jp HTTP/1.1" 302 257
157.55.39.209 - - [06/Oct/2020:10:44:49 +0000] "GET /index.php?522295860887671235/ue41aslsxb8f9.jp HTTP/1.1" 301 -
157.55.39.50 - - [06/Oct/2020:10:45:54 +0000] "GET /index.php?7672859189865264240851/d3w6hbrfwbsuz.jp HTTP/1.1" 302 261
157.55.39.209 - - [06/Oct/2020:10:46:40 +0000] "GET /index.php?4177680566672762/1j4pxzjn1.jp HTTP/1.1" 302 251
157.55.39.209 - - [06/Oct/2020:10:48:33 +0000] "GET /index.php?5998326392260385/klxz4unlpouwi.jp HTTP/1.1" 302 255
157.55.39.209 - - [06/Oct/2020:10:44:57 +0000] "GET /?522295860887671235%2Fue41aslsxb8f9_jp HTTP/1.1" 504 247
157.55.39.50 - - [06/Oct/2020:10:46:00 +0000] "GET /index.php?7672859189865264240851/d3w6hbrfwbsuz.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:51:14 +0000] "GET /index.php?701700696437681277/imwxg0efr.jp HTTP/1.1" 302 253
157.55.39.209 - - [06/Oct/2020:10:46:41 +0000] "GET /index.php?4177680566672762/1j4pxzjn1.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:53:16 +0000] "GET /index.php?7207060055007006126291310/gcce.jp HTTP/1.1" 302 255
157.55.39.209 - - [06/Oct/2020:10:48:33 +0000] "GET /index.php?5998326392260385/klxz4unlpouwi.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:54:41 +0000] "GET /index.php?654708820234823301441/wc0bm.jp HTTP/1.1" 302 252
207.46.13.84 - - [06/Oct/2020:10:51:15 +0000] "GET /index.php?701700696437681277/imwxg0efr.jp HTTP/1.1" 504 247
207.46.13.84 - - [06/Oct/2020:10:53:17 +0000] "GET /index.php?7207060055007006126291310/gcce.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:10:58:28 +0000] "GET /index.php?61826285510577814517/f61re78p1f41w.jp HTTP/1.1" 302 259
157.55.39.59 - - [06/Oct/2020:10:59:35 +0000] "GET /index.php?84156456634603/i2c2hj4je.jp HTTP/1.1" 302 249
207.46.13.84 - - [06/Oct/2020:10:54:41 +0000] "GET /index.php?654708820234823301441/wc0bm.jp HTTP/1.1" 504 247
40.77.167.245 - - [06/Oct/2020:10:57:37 +0000] "GET /?1222174486979040544575%2Fy19ql_jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:10:58:28 +0000] "GET /index.php?61826285510577814517/f61re78p1f41w.jp HTTP/1.1" 504 247
157.55.39.59 - - [06/Oct/2020:10:59:40 +0000] "GET /index.php?84156456634603/i2c2hj4je.jp HTTP/1.1" 504 247
157.55.39.59 - - [06/Oct/2020:11:12:26 +0000] "GET /index.php?2862654978784673781/4sw4j9.jp HTTP/1.1" 302 251
157.55.39.198 - - [06/Oct/2020:11:12:26 +0000] "GET /index.php?5046999766427223019/wi37all3y0d.jp HTTP/1.1" 302 256
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6905444501961800880491/e2ob.jp HTTP/1.1" 302 252
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6188133617927057745629/w88c2.jp HTTP/1.1" 302 253
157.55.39.50 - - [06/Oct/2020:11:18:24 +0000] "GET /index.php?496957380189926301011/8dnd8.jp HTTP/1.1" 302 252
157.55.39.213 - - [06/Oct/2020:11:13:31 +0000] "GET /index.php?6188133617927057745629/w88c2.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:11:22:37 +0000] "GET /index.php?526083220810691818/54ufa.jp HTTP/1.1" 302 249
157.55.39.50 - - [06/Oct/2020:11:18:25 +0000] "GET /index.php?496957380189926301011/8dnd8.jp HTTP/1.1" 504 247
157.55.39.198 - - [06/Oct/2020:11:22:46 +0000] "GET /index.php?526083220810691818/54ufa.jp HTTP/1.1" 504 247
40.77.167.83 - - [06/Oct/2020:11:38:26 +0000] "GET /index.php?8292959145475478787/gsf1j.jp HTTP/1.1" 302 250
192.88.134.20 - - [06/Oct/2020:12:40:49 +0000] "GET /index.php?2145570128640089606630/0mk28y.jp HTTP/1.1" 301 -
185.93.231.20 - - [06/Oct/2020:13:00:37 +0000] "GET /3578256589223773089/z2gnr9ur75qoa21gzxh3.jp HTTP/1.1" 404 52240
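An added example, not part of the original post: a Python script that picks the `.jp`/`_jp` requests out of an Apache access log and tallies them by status code, client IP, and URL token, so the `.jp` and URL-encoded `_jp` forms of the same token line up. The URL pattern is an assumption inferred from the log lines above; the last sample line is constructed to show that an ordinary `.jpg` file does not match.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# First five lines are copied from the excerpt above; the last one is constructed.
SAMPLE = """\
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 302 246
207.46.13.127 - - [06/Oct/2020:10:24:11 +0000] "GET /index.php?5246670320607303/p4co.jp HTTP/1.1" 301 -
40.77.167.245 - - [06/Oct/2020:10:24:50 +0000] "GET /?5246670320607303%2Fp4co_jp HTTP/1.1" 200 22676
60.119.45.85 - - [06/Oct/2020:10:36:51 +0000] "GET /351822957117038374615884/t24f4pmzp5jo31ugjiykxf.jp HTTP/1.1" 404 52183
157.55.39.50 - - [06/Oct/2020:10:46:00 +0000] "GET /index.php?7672859189865264240851/d3w6hbrfwbsuz.jp HTTP/1.1" 504 247
10.0.0.5 - - [06/Oct/2020:10:47:00 +0000] "GET /wp-content/uploads/logo.jpg HTTP/1.1" 200 5120
"""

# Common Log Format: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Assumed shape of the spam URLs: optional index.php, optional "?", a long
# decimal number, "/", an alphanumeric slug, then ".jp" or "_jp" at the end.
SPAM_RE = re.compile(r'^/(?:index\.php)?\??(\d{10,})/([a-z0-9]+)[._]jp$')

def spam_key(path):
    """Return (number, slug) if the request target has the spam shape, else None."""
    m = SPAM_RE.match(unquote(path).lower())  # unquote turns %2F back into "/"
    return m.groups() if m else None

def summarize(text):
    """Tally spam-shaped requests by status and client, and list statuses per token."""
    statuses, clients, chains = Counter(), Counter(), defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        key = spam_key(path)
        if key is None:
            continue  # normal traffic, e.g. a .jpg image
        statuses[int(status)] += 1
        clients[ip] += 1
        chains[key].append(int(status))  # statuses in log order for this token
    return statuses, clients, dict(chains)

if __name__ == "__main__":
    statuses, clients, chains = summarize(SAMPLE)
    print("by status:", dict(statuses))
    print("by client:", clients.most_common())
    for key, seq in chains.items():
        print(key, "->", seq)
```

To run it over a real log, pass the file contents to `summarize()`, for example `summarize(open("access_log").read())`.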