Shin

Blocking WordPress xmlrpc.php scans

My server was frying at 100% CPU usage when I saw my Apache log filled with these:
x111.com 80.82.78.166 - - [17/Oct/2014:15:28:16 +0200] "POST /xmlrpc.php HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
Apparently there are bots going around hammering sites that have WordPress running to try and abuse XML-RPC to DDoS other sites.
I tried some XML-RPC plugins but they didn't do anything for me, so I decided to nip it in the bud at the .htaccess level. That blocks the requests at the Apache level and prevents PHP and MySQL from getting hammered. I added this to my .htaccess file:
RewriteCond %{REQUEST_URI} =/xmlrpc.php [NC]
RewriteCond %{HTTP_USER_AGENT} .*Mozilla\/4.0\ \(compatible:\ MSIE\ 7.0;\ Windows\ NT\ 6.0.*
RewriteRule .* - [F,L]

So now all scans get an error 403:
x111.com 93.174.93.203 - - [18/Oct/2014:12:31:54 +0200] "POST /xmlrpc.php HTTP/1.0" 403 275 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
And my server is idling again.
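
An added example (not part of the original post): a short Python script that tallies POST requests to /xmlrpc.php in a log with the layout shown above, by status code and user agent, and lists clients that received anything other than a 403. Because the rule matches on one user agent string, that second list is where requests with a different user agent would show up. The sample lines, addresses, vhost name and second user agent are constructed.

```python
import re
from collections import Counter

# Layout of the log lines in the post:
# vhost ip ident user [time] "request" status bytes "referer" "user agent"
LINE_RE = re.compile(
    r'^\S+ (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

BOT_UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"  # from the post
OTHER_UA = "Mozilla/5.0 (X11; Linux x86_64)"  # constructed

# Constructed sample log (documentation address ranges, made-up vhost).
SAMPLE_LOG = f"""\
example.test 192.0.2.10 - - [18/Oct/2014:12:31:54 +0200] "POST /xmlrpc.php HTTP/1.0" 403 275 "-" "{BOT_UA}"
example.test 192.0.2.10 - - [18/Oct/2014:12:31:55 +0200] "POST /xmlrpc.php HTTP/1.0" 403 275 "-" "{BOT_UA}"
example.test 198.51.100.7 - - [18/Oct/2014:12:32:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 - "-" "{OTHER_UA}"
example.test 198.51.100.7 - - [18/Oct/2014:12:32:02 +0200] "POST /XMLRPC.php?x=1 HTTP/1.1" 200 - "-" "{OTHER_UA}"
example.test 203.0.113.5 - - [18/Oct/2014:12:32:03 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "{OTHER_UA}"
"""


def summarize_xmlrpc(lines):
    """Tally POSTs to /xmlrpc.php; return (by status+agent, clients not given 403)."""
    by_status_agent = Counter()
    not_blocked = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        # REQUEST_URI carries no query string and the rule uses [NC],
        # so compare the bare path case-insensitively.
        if m["path"].split("?", 1)[0].lower() != "/xmlrpc.php":
            continue
        by_status_agent[(int(m["status"]), m["agent"])] += 1
        if m["status"] != "403":
            not_blocked[(m["ip"], m["agent"])] += 1
    return by_status_agent, not_blocked


if __name__ == "__main__":
    by_status_agent, not_blocked = summarize_xmlrpc(SAMPLE_LOG.splitlines())
    for (status, agent), n in by_status_agent.most_common():
        print(f"{n:5d}  {status}  {agent}")
    for (ip, agent), n in not_blocked.most_common():
        print(f"not blocked: {ip}  {n} requests  {agent}")
```

To run it against a real log, pass an open file object to `summarize_xmlrpc` instead of the sample lines.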
