Quite confused...
Apache Access Log is constanmtly showing spam URLs being called after a Wordpress website hack. I think I have removed the hacking, but something is still calling these spam URLs on the site very frequently and I am trying to block them.
I have a few questions/issues to resolve:
Why would they show as 302 headers when in fact they are 404's? I have a server firewall to block traffic with too many 404s in a certain time frame, and this wont work with so many 302s.
I have setup Cloudflare, so traffic comes through there, AND I have blocked access to the site unless its through Cloudflare IPs. Within Cloudflare I have enabled Under Attack mode, for the 5 second wait to access the site. This made no effect, the URLs keep coming!
So I am quite confused why so many 302s show and how they can access the site direct or through Cloudflare in under attack mode.
Thanks
162.158.159.136 - - [08/Jul/2022:11:14:03 +0100] "GET /injection-chyb6MR/b12-rapid-burner-9rV6kv-injection HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
162.158.159.10 - - [08/Jul/2022:11:14:04 +0100] "GET /MywTbl-loss/golo-weight-loss-0AqcQ-product-review-site-gov HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
162.158.159.8 - - [08/Jul/2022:11:14:05 +0100] "GET /injection-chyb6MR/b12-rapid-burner-9rV6kv-injection/ HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
162.158.159.8 - - [08/Jul/2022:11:14:06 +0100] "GET /qcyvPfd-actually/best-weight-loss-pill/that-VNcLV6kv-actually-work HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
162.158.159.8 - - [08/Jul/2022:11:14:07 +0100] "GET /54ijd-post/weight-loss-medication-post-bariatric-surgery-8qY62 HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
141.101.107.138 - - [08/Jul/2022:11:14:09 +0100] "GET /canasa-Ai864ijX/SzIO8-canasa-erectile-dysfunction HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"