Hello;
I am retrieving a wordpress site that had been hacked, damaged and had several files altered with suspicious codes. Apparently now everything is clean and secure in the files, however, I still receive hundreds of requests with suspicious urls and different standards. Some examples:
- [miite.com] /? h1 = Global-Co-ord-sets-Y-vc-40903.html? icn = Co-ord-setss
- [miite.com] /? h1 =% 2Fnicelinesz.ltwebstatic.com% 2Fjs% 2Fquick_register.js% 3Fv% 3Dniceline_643
- [miite.com] / jsknib-lktzvp-5287u3093-ckbxpi-j46615-tax /
- [miite.com] / izdqgntxut-edqjkfj-5291u3085-ulq-j42027-lpc /
- [miite.com] /? success = one% 20piece% 20swimwear & h1 = shop-the-look-55.html? icn = prettymeetsstreet
- [miite.com] /? success = pantyhose & h1 = Global-Shoes-from-5-Y-vc-41771.html? icn = shoesfrom5
At first I was blocking any IP that tried to access these URLs, but it quickly started blocking google bots as well and was warned about the performance drop in site indexing.
Has anyone ever had this or are you aware of where to investigate? I would also like to make locks through .htaccess only when it has access through these url patterns, does anyone have any solutions? (Eg "success", "? H1")