Hi Everyone,

We see a continuous flow of requests like shown below. We are fairly certain it is a botnet probing for weaknesses or vulnerabilities. The source IP address slowly moves around. It looks like there was a bug in load.php some time ago [1].

I don't have time to manually monitor this. We are looking for one of those wiki plugins to handle it at the application layer. How do we ban the host for making these probes for a day or a week?

Thanks in advance.

[1] https://www.mediawiki.org/wiki/Topic:Sl0d755pv10sjxl0

92.32.245.123 - - [19/Apr/2020:14:41:12 -0400] "GET /w/load.php?lang=en&modules=mediawiki.helplink%2Cspecial%2Cui%7Cmediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cmediawiki.special.search.styles%7Cmediawiki.ui.button%2Cinput%7Cmediawiki.widgets.SearchInputWidget.styles%7Cmediawiki.widgets.styles%7Coojs-ui-core.styles%7Coojs-ui.styles.icons-alerts%2Cicons-content%2Cicons-interactions%2Cindicators%2Ctextures%7Cskins.vector.styles&only=styles&skin=vector HTTP/1.1" 200 28580
92.32.245.123 - - [19/Apr/2020:14:41:13 -0400] "GET /w/load.php?debug=false&lang=en&modules=ext.SmjCDN%7Cjquery%2Coojs%2Coojs-ui-core%2Coojs-ui-widgets%2Csite%7Cjquery.accessKeyLabel%2CcheckboxShiftClick%2Cclient%2CgetAttrs%2ChighlightText%2Csuggestions%2CtabIndex%2Cthrottle-debounce%7Cmediawiki.RegExp%2CString%2CTitle%2Capi%2Cbase%2Ccldr%2Clanguage%2CsearchSuggest%2Cutil%2Cwidgets%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%2Cstartup%7Cmediawiki.special.search%7Cmediawiki.widgets.SearchInputWidget%7Coojs-ui.styles.icons-editing-advanced%2Cicons-moderation%2Cicons-movement%7Cskins.vector.js%7Cuser.defaults&skin=vector&version=1rf1ap1 HTTP/1.1" 200 144182
92.32.245.123 - - [19/Apr/2020:14:41:15 -0400] "GET /wiki/Debug_Symbols HTTP/1.1" 200 7733
92.32.245.123 - - [19/Apr/2020:14:41:16 -0400] "GET /w/load.php?lang=en&modules=mediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cmediawiki.toc.styles%7Cskins.vector.styles&only=styles&skin=vector HTTP/1.1" 200 8880
92.32.245.123 - - [19/Apr/2020:14:41:16 -0400] "GET /w/load.php?debug=false&lang=en&modules=ext.SmjCDN%7Cjquery%2Csite%7Cjquery.accessKeyLabel%2CcheckboxShiftClick%2Cclient%2Ccookie%2CgetAttrs%2ChighlightText%2Csuggestions%2CtabIndex%2Cthrottle-debounce%7Cmediawiki.RegExp%2CString%2CTitle%2Capi%2Cbase%2Ccookie%2CsearchSuggest%2Ctoc%2Cutil%7Cmediawiki.page.ready%2Cstartup%7Cskins.vector.js%7Cuser.defaults&skin=vector&version=1j07wt1 HTTP/1.1" 200 68744
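
For triaging access-log lines in the format quoted above before deciding what to ban, here is an added example (not part of the original post and not MediaWiki code): it expands the packed `modules` parameter of load.php requests into individual module names and reports each source IP's peak request count inside a time window. The sample lines, the 60-second window and the `limit` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit
# Constructed sample in the post's log format (documentation-range addresses).
SAMPLE = """\
203.0.113.7 - - [19/Apr/2020:14:41:12 -0400] "GET /w/load.php?lang=en&modules=mediawiki.helplink%2Cspecial%7Cskins.vector.styles&only=styles HTTP/1.1" 200 28580
203.0.113.7 - - [19/Apr/2020:14:41:13 -0400] "GET /w/load.php?modules=jquery%2Csite&skin=vector HTTP/1.1" 200 144182
203.0.113.7 - - [19/Apr/2020:14:41:15 -0400] "GET /wiki/Debug_Symbols HTTP/1.1" 200 7733
198.51.100.9 - - [19/Apr/2020:14:45:00 -0400] "GET /w/load.php?modules=startup&only=scripts HTTP/1.1" 200 900
not a log line
"""
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

def expand_modules(packed):
    """Expand a packed list: '|' separates groups, ',' separates names sharing a prefix."""
    names = []
    for group in filter(None, packed.split("|")):
        prefix, dot, rest = group.rpartition(".")  # shared prefix ends at the last dot
        names += [prefix + dot + suffix for suffix in rest.split(",")]
    return names

def summarize(log, window=timedelta(seconds=60)):
    """Per source IP: peak requests inside `window` and the load.php modules requested."""
    times, modules = defaultdict(list), defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, stamp, target = m.groups()
        times[ip].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
        url = urlsplit(target)
        if url.path.endswith("/load.php"):
            packed = parse_qs(url.query).get("modules", [""])[0]  # also URL-decodes
            modules[ip].update(expand_modules(packed))
    report = {}
    for ip, seen in times.items():
        seen.sort()
        start = peak = 0
        for end, when in enumerate(seen):  # sliding window over sorted timestamps
            while when - seen[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {"peak": peak, "modules": sorted(modules[ip])}
    return report

def ban_candidates(log, limit, window=timedelta(seconds=60)):
    """IPs whose peak request count within `window` reaches the site-specific `limit`."""
    return sorted(ip for ip, r in summarize(log, window).items() if r["peak"] >= limit)
```

Set `limit` well above what one page view produces, since a browser rendering a single wiki page issues several load.php requests of its own.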
