Re: slammed




On Thu, 2 Oct 2014, jwyeth.arch@xxxxxxxxx wrote:

Disabling XMLRPC completely via wp-config.php is quite easy. I can send required info when I'm in front of a computer. You can also use an .htaccess rule for Apache to stop requests completely. I'm sure there are also rules for Nginx, lighttpd, etc. that can be found quite easily via Google. Surprised most people don't have this disabled/blocked already.

Another good trick to keep IP-based scanners off your back is to make sure that all HTTP requests have a valid Host: header. In Apache, it's easy. The first-listed <VirtualHost> declaration is the default if a client fails to provide a Host: header in the request. So the initial virtual host is basically a deny-all container, e.g.,

<VirtualHost *:80>
  ServerSignature off
  <Location />
    <RequireAny>
      Require local
      Require ip [some administrative IP addr]
    </RequireAny>
  </Location>
</VirtualHost>

<VirtualHost *:80>
  ServerName www.you.com
  # the real work happens here ...
</VirtualHost>


For extra credit, you can write a fail2ban filter that scans the default ErrorLog for telltale signs of IP-based scanning (watch out for unintended line-wrapping in the example below).

# /etc/fail2ban/filter.d/apache-iponly.conf
[DEFAULT]

_apache_error_msg = \[[^]]*\] \[\S*:error\] \[pid \d+\] \[client <HOST>(:\d{1,5})?\]

[Definition]

failregex = ^%(_apache_error_msg)s (AH0\d+: )?client denied by server configuration: (uri )?.*$
            ^%(_apache_error_msg)s script '\S+' not found or unable to stat(, referer: \S+)?\s*$

--
Paul Heinlein
heinlein@xxxxxxxxxx
45°38' N, 122°6' W
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
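
The two failregex lines from the filter in the message can be checked offline against error-log lines before the filter is loaded. This is an added example, not part of the original message: the log lines are constructed, and `HOST_GROUP` is an IPv4-only stand-in assumed here for fail2ban's `<HOST>` tag.

```python
import re
from collections import Counter

# Copied from the filter in the message above.
APACHE_ERROR_MSG = r"\[[^]]*\] \[\S*:error\] \[pid \d+\] \[client <HOST>(:\d{1,5})?\]"
FAILREGEX = [
    r"^%(_apache_error_msg)s (AH0\d+: )?client denied by server configuration: (uri )?.*$",
    r"^%(_apache_error_msg)s script '\S+' not found or unable to stat(, referer: \S+)?\s*$",
]

# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample lines in Apache 2.4 error-log layout (documentation IPs).
SAMPLE_LOG = [
    # Request that fell into the deny-all default virtual host.
    "[Thu Oct 02 10:15:01.123456 2014] [authz_core:error] [pid 1234] "
    "[client 203.0.113.7:51234] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php",
    # Probes for scripts that do not exist, without and with a referer.
    "[Thu Oct 02 10:15:02.000001 2014] [:error] [pid 1234] "
    "[client 203.0.113.7:51240] script '/var/www/html/wp-login.php' not found or unable to stat",
    "[Thu Oct 02 10:15:09.000001 2014] [:error] [pid 1240] "
    "[client 198.51.100.9:40000] script '/var/www/html/setup.php' not found or unable to stat, referer: http://192.0.2.10/",
    # Unrelated error: must not count as a hit.
    "[Thu Oct 02 10:16:00.000000 2014] [core:error] [pid 1235] "
    "[client 192.0.2.5:1111] AH00126: Invalid URI in request GET / HTTP/1.1",
    # Threaded-MPM layout "[pid N:tid M]": the filter's "\[pid \d+\]" does not match it.
    "[Thu Oct 02 10:17:00.000000 2014] [authz_core:error] [pid 1300:tid 140012] "
    "[client 203.0.113.50:50000] AH01630: client denied by server configuration: /var/www/html/",
]

def compile_filter():
    """Expand %(_apache_error_msg)s and <HOST>, then compile each failregex."""
    prefix = APACHE_ERROR_MSG.replace("<HOST>", HOST_GROUP)
    return [re.compile(rx % {"_apache_error_msg": prefix}) for rx in FAILREGEX]

def offenders(lines):
    """Return a Counter of client address -> number of matching log lines."""
    patterns = compile_filter()
    hits = Counter()
    for line in lines:
        for rx in patterns:
            m = rx.match(line)
            if m:
                hits[m.group("host")] += 1
                break  # one hit per line, whichever failregex matched first
    return hits

if __name__ == "__main__":
    for host, count in offenders(SAMPLE_LOG).most_common():
        print(host, count)
```

The last sample line shows a case worth checking on a real server: if the error log carries `[pid N:tid M]`, the `\[pid \d+\]` part of the filter needs adjusting before any line will match.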
