If your server is flooded with unrelated search queries, such as “https://webcare.co?s=*,” the snippet below makes them return zero results.
How to See It?
Checking whether you are a victim of bot abuse is easy. Go to your access log and you will see something like the following.
123.45.67.89 - - [04/Sep/2024:12:34:56 +0000] "GET /?s=%40%23%24%25 HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
98.76.54.32 - - [04/Sep/2024:12:35:10 +0000] "GET /?s=%5E%26%2A HTTP/1.1" 200 5130 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"
210.123.45.67 - - [04/Sep/2024:12:36:22 +0000] "GET /?s=%28%29%21 HTTP/1.1" 200 5125 "-" "Mozilla/5.0 (Linux; Android 11; Pixel 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36"
203.0.113.1 - - [04/Sep/2024:12:37:45 +0000] "GET /?s=%2B%3D%7C HTTP/1.1" 200 5140 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/604.1"
192.0.2.4 - - [04/Sep/2024:12:38:59 +0000] "GET /?s=%7B%7D%5B%5D HTTP/1.1" 200 5105 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"
You know it’s a bot when they are searching for gibberish.
For non-IT readers: the log above shows requests such as “GET /?s=%40%23%24%25”, which are fishing for holes. The term URL-decodes to “@#$%”, and it makes no sense to search for it.
A good example of a search is “/?s=study in Texas”, in a clear, readable format.
Also, they may use the same IP for the search function.
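To run the same check over a whole access log instead of reading it by eye, here is an added example (not code from the original post). It assumes the combined log format shown above; the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumes Apache/Nginx "combined" log format, as in the lines shown above.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# Readable search: ASCII letters and spaces only (e.g. "study in Texas").
READABLE = re.compile(r"[A-Za-z ]+")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.1 - - [04/Sep/2024:12:37:45 +0000] "GET /?s=%40%23%24%25 HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
    '203.0.113.1 - - [04/Sep/2024:12:37:46 +0000] "GET /?s=%5E%26%2A HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [04/Sep/2024:12:38:59 +0000] "GET /?s=%7B%7D%5B%5D HTTP/1.1" 200 5105 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Sep/2024:12:39:10 +0000] "GET /?s=study+in+Texas HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Sep/2024:12:39:30 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def parse_search(line):
    """Return (client_ip, decoded_search_term), or None if the line is not a ?s= request."""
    match = LOG_RE.match(line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    # parse_qs percent-decodes the value and turns "+" into a space.
    terms = parse_qs(query, keep_blank_values=True).get("s")
    if not terms:
        return None
    return match.group("ip"), terms[0]


def gibberish_by_ip(lines):
    """Count, per client IP, searches whose decoded term is not letters and spaces."""
    hits = Counter()
    for line in lines:
        parsed = parse_search(line)
        if parsed and not READABLE.fullmatch(parsed[1]):
            hits[parsed[0]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in gibberish_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} non-alphabet searches")
```

An IP with a high count is a candidate for rate limiting or blocking at the web server or firewall.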
What Will Happen?
With enough throughput and no protection on your side, you may end up with high resource usage that accounts for nothing.
- Server resources spike (high CPU and RAM)
- Genuine users aren’t able to navigate the website
- In worse cases, your server goes offline
The Easy Non-Alphabet Search in WordPress
Copy the code below and paste it into your theme’s functions.php.
// Add this to your theme's functions.php file
// Function to modify the search query
function exclude_non_alphabet_search( $query ) {
    // Only touch front-end search requests, never the admin area
    if ( $query->is_search() && ! is_admin() ) {
        $search_query = $query->get( 's' );
        // Check if the search query contains only alphabet characters.
        // Spaces are allowed so multi-word searches such as "study in Texas" still work.
        // ASCII letters only: searches with digits or accented letters are also rejected.
        if ( ! preg_match( '/^[a-zA-Z ]+$/', $search_query ) ) {
            // Modify the query to return zero results
            $query->set( 'post__in', array( 0 ) );
        }
    }
    return $query;
}
// Hook the function into pre_get_posts
add_filter( 'pre_get_posts', 'exclude_non_alphabet_search' );
And you are set!
What Does the Non-Alphabet Search Snippet Do?
Line 4: Checks that the request is a search and is not in the admin area (the is_search() and !is_admin() condition)
Line 9: Uses a regex (preg_match) to test whether the search term is alphabetic
Line 10: Returns zero results when it is not
Line 18: Hooks the function into pre_get_posts, which runs before the query is executed
With every attack, we learn something new about ‘hacker’ behavior. We may not know the full extent or the purpose of the attack, but we can mitigate those risks before it happens to you.
A simple non-alphabet search block snippet can save you tonnes of headache.
Sign up to WebCare if you want someone to constantly monitor your Website.