We seen a lots of strange encoded requests (encoded korean spam) in wordpress search '?s=' that came from google bot. The rate of access is high and generate a lot of load.
Not sure if this is a wordpress or a google bot exploit, as the sites get hundreds of thousands of indexed korean spam for jut on site and about 15,010,000,000 results for all sites.
here is a sample request:
the decoded request:
the results in google with a sample string from that request:
[Removed]
Not sure if this is a wordpress or a google bot exploit, as the sites get hundreds of thousands of indexed korean spam for jut on site and about 15,010,000,000 results for all sites.
here is a sample request:
Code:
66.249.75.131 - - [05/Mar/2019:21:16:41 +0200] "GET /?s=%EC%B6%98%EC%B2%9C%EC%B6%9C%EC%9E%A5%EC%99%B8%EA%B5%AD%EC%9D%B8%E3%80%8E%EC%B9%B4%ED%86%A1%3A+P+o+34%E3%80%8F%7BPo+o34.c%EF%BC%90M%7D%EC%B6%9C%EC%9E%A5%EC%86%8C%EC%9D%B4%EC%8A%A4%ED%99%8D%EC%84%B1%EC%BD%9C%EA%B1%B8Y%E2%98%B5%E2%8A%992019-02-20-11-45%EC%B6%98%EC%B2%9C%E2%8A%99AIJ%E2%94%B7%EC%B6%9C%EC%9E%A5%EC%97%AC%EB%8C%80%EC%83%9D%EC%BD%9C%EA%B1%B8%EC%B6%9C%EC%9E%A5%EC%95%88%EB%A7%88%EC%B6%9C%EC%9E%A5%EC%86%8C%EC%9D%B4%EC%8A%A4%ED%99%8D%EC%84%B1%E2%98%AD%EC%B6%9C%EC%9E%A5%EC%97%85%EA%B3%84%EC%9C%84%E2%99%90%EC%B6%9C%EC%9E%A5%EC%86%8C%EC%9D%B4%EC%8A%A4%E2%94%A0%EC%B6%98%EC%B2%9C&feed=rss2 HTTP/1.1" 200 2201 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Code:
춘천출장외국인『카톡:+P+o+34』{Po+o34.c0M}출장소이스홍성콜걸Y⊙2019-02-20-11-45춘천⊙AIJ┷출장여대생콜걸출장안마출장소이스홍성출장업계위출장소이스┠춘천the results in google with a sample string from that request:
[Removed]
Last edited by a moderator:
