WordPress.org

Forums

How to prevent these kind of attacks? (16 posts)

  1. OperaManiac
    Member
    Posted 7 years ago #

    http://tinypic.com/4i745jo.gif

    These attacks are strong enough to get a 1 gig ram celeron processor with 2-3 sites on its knees!

  2. Most automated spam attempts will be stopped dead by Bad Behavior.

    Add Spam Karma or Akismet and most spam will be dealt with.

  3. OperaManiac
    Member
    Posted 7 years ago #

    this is when all the comments are turned off. they are just hitting the comment file directly.

    i tried renaming the file. deleting it. still the server goes down after a while!

    looks like a ddos attack. :(

  4. Use Bad Behavior. It blocks attempts to access that file.

    Other than that, it comes down to blocking IP addresses at the firewall or router level, before the attacks can hit the server.

  5. scaturan
    Member
    Posted 7 years ago #

    i use mod_security and it helps quite a bit - even tracks down requests made through rogue proxy servers. i monitor several hundred WP/G2 sites and that Apache server status page is very useful indeed - in addition to randomly issuing a "tail -f" on log files generated by Apache and/or loaded modules.

    track the IP, see what Google or other search engines have to say (very useful too), do a whois then depending on the ISP, country of origin or ip-block/range owner - make a decision to add a firewall ruleset to deny request or just let the spam-plugins do the work. i wish there was a single solution to wp-comments.php flooding, but there isn't, and probably never will be. layered approach for the time being. :)
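
Added example, not part of any post in this thread: a Python script for the log triage described in post 5, counting per client IP the POSTs to wp-comments-post.php that carry no on-site Referer, so the noisiest addresses can be reviewed for a firewall rule. The Apache combined log format is assumed; the function names, the host example.org and the log lines (documentation-only addresses) are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" log format (assumed): ip, request line, status, size, referer, UA.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def flag_flooders(log_text, site_host, threshold=3):
    """Map each client IP to its count of off-site POSTs to wp-comments-post.php,
    keeping only IPs at or above `threshold`."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-comments-post.php"):
            continue
        # A real comment form submits with a Referer on the blog's own host.
        ref_host = urlsplit(m["referer"]).hostname or ""
        if ref_host == site_host or ref_host.endswith("." + site_host):
            continue
        hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.most_common() if n >= threshold}

def _line(ip, method, path, referer):
    # Builds one constructed log line; timestamp, status and size are fixed.
    return (f'{ip} - - [12/Mar/2007:10:01:02 +0000] "{method} {path} HTTP/1.0" '
            f'200 512 "{referer}" "-"')

# Constructed sample traffic using documentation-only address ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-comments-post.php", "-")] * 4
    + [_line("192.0.2.55", "POST", "/blog/wp-comments-post.php", "http://spam.example.net/")] * 3
    + [_line("198.51.100.23", "POST", "/wp-comments-post.php", "http://blog.example.org/2007/03/hello/"),
       _line("198.51.100.23", "GET", "/", "-"),
       _line("192.0.2.99", "POST", "/wp-comments-post.php", "-")]
)

if __name__ == "__main__":
    for ip, count in flag_flooders(SAMPLE_LOG, "example.org").items():
        print(f"{ip}\t{count} direct POSTs to wp-comments-post.php")
```

The threshold and the decision to block remain a judgement call, as post 5 says: the output is a review list for the whois and firewall step, not an automatic deny list.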

  6. OperaManiac
    Member
    Posted 7 years ago #

    one question...

    can we block direct access to this wp-comments-post.php file through .htaccess. the file is supposed to be accessed by the comment form on the blog post page.

    would that lessen the load on the server?

  7. Michael Bishop

    Posted 7 years ago #

  8. OperaManiac
    Member
    Posted 7 years ago #

    well i have comments disabled. so they are just hitting the server with no end results. the accesses leading to connections with mysql is killing the server. :P

    that's why i thought about the htaccess file. maybe that would reduce the load by preventing access to mysql. :|

    i am kinda ignorant about the comment posting procedure so this post might sound lame.

    So the plugin is now be able to block POST requests only on wp-comments-post.php and keep your weblog a little more spam-free.

    this part looks interesting. :P

  9. Trent Adams
    Member
    Posted 7 years ago #

    Take a look at this page in Codex!

    Especially the part on blocking no referrer requests with .htaccess.

    Trent

  10. OperaManiac
    Member
    Posted 7 years ago #

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

    about this... how do i set this code for a site where blogs are located in subdomains...

    should i put this code in the base folder's htaccess file or should i put it in all the subdomains?

    and for a particular subdomain, what value should i put in this statement:

    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]

  11. Alex King
    Member
    Posted 7 years ago #

    You really want to stop this at the firewall, before it hits Apache. Once it hits Apache, it can really muck things up. Talk to your server admin about the options available to you (APF, etc.).

  12. whooami
    Member
    Posted 7 years ago #

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

    that's originally my invention, btw. I take the credit, thanks.

    subdomains are already handled by :
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]

    www. is a subdomain for example.

    The easiest way for someone that has directories that are also subdomains that are also blogs is to use the fully qualified URL of the site(s), ie:

    RewriteCond %{HTTP_REFERER} "!^http://sub\.domain\.org/.*$" [NC]
    RewriteCond %{REQUEST_URI} ".*wp-comments-post\.php$"
    RewriteRule .* - [F]

    And that, those 3 lines, would go inside the same .htaccess that resides in the same directory with your sub-domain'd blog's wp-config.php

    the above is much simpler for a couple reasons.

    1. spammers don't send http_get requests to wp-comments.php. They know it requires an http_post. So checking to see if it's a post is redundant. By the same token, an http_get sent to wp-comments.php does nothing. Precisely why you won't see it.

    2. The example in the codex checks the ua. that's dumb. The ua is unimportant.

    3. the 301 is a redirect back to the IP. I've used that in the past, and I don't not recommend it but this is worth considering ....

    a.) 99.999% of the time, that IP is going to be an anonymous proxy. The spamming script will not, therefore, not see that traffic.

    b. They see a 301, which is a redirect, not a 403. Since there is no knowing whether or not a particular spammer, using a particular script is checking .. I err on the side that they might -- and honestly, I want them to know they got a 403 from me. A 403 is definitive, a 301 means that their spam might have gone through. A 403 tells them they failed.

    c. a and b are a waste of space and time.
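
Added example, not part of post 12 or the Codex: a Python emulation of the two rule sets quoted above, run over constructed requests to show where they disagree. mod_rewrite ANDs consecutive RewriteCond lines and `[OR]` joins a condition only to the one after it; the function names, the host value and the sample requests are assumptions, and the patterns are reproduced with their literal dots escaped.

```python
import re

def codex_rule_blocks(method, uri, referer, user_agent, host):
    """Post 10's conditions: POST AND comment URI AND (off-site Referer OR empty UA)."""
    is_post = re.search(r"POST", method) is not None
    is_comment_uri = re.search(r"wp-comments-post\.php", uri) is not None
    # The Codex pattern is unanchored: the host may appear anywhere in the Referer.
    offsite = re.search(re.escape(host), referer) is None
    empty_ua = re.search(r"^$", user_agent) is not None
    return is_post and is_comment_uri and (offsite or empty_ua)

def simple_rule_blocks(method, uri, referer, user_agent, host):
    """Post 12's conditions: off-site Referer AND URI ending in the comment script."""
    # [NC] makes the Referer match case-insensitive; method and UA are ignored.
    onsite = re.search(r"^http://" + re.escape(host) + r"/.*$", referer, re.I) is not None
    is_comment_uri = re.search(r".*wp-comments-post\.php$", uri) is not None
    return (not onsite) and is_comment_uri

HOST = "sub.domain.org"  # placeholder host taken from post 12
ON_SITE = "http://sub.domain.org/2007/03/hello/"  # constructed permalink

# Constructed requests: (method, uri, referer, user_agent). A missing header
# reaches mod_rewrite as an empty string.
REQUESTS = {
    "comment form":      ("POST", "/wp-comments-post.php", ON_SITE, "Mozilla/5.0"),
    "direct POST":       ("POST", "/wp-comments-post.php", "", ""),
    "on-site, empty UA": ("POST", "/wp-comments-post.php", ON_SITE, ""),
    "direct GET":        ("GET", "/wp-comments-post.php", "", "Mozilla/5.0"),
    "other script":      ("POST", "/wp-login.php", "", ""),
}

def compare(requests=REQUESTS, host=HOST):
    """Return {name: (blocked_by_codex_rule, blocked_by_simple_rule)}."""
    return {name: (codex_rule_blocks(*req, host), simple_rule_blocks(*req, host))
            for name, req in requests.items()}

if __name__ == "__main__":
    for name, (codex, simple) in compare().items():
        print(f"{name:20} codex={codex!s:5} simple={simple}")
```

Both rule sets decide on the Referer header, which is supplied by the client, so they screen out clients that omit or mis-set it and leave everything else to the other layers mentioned in this thread.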

  13. findasec
    Member
    Posted 7 years ago #

    I'm a dummy - is this a plug in? Is that where the file is uploaded to?

  14. whooami
    Member
    Posted 7 years ago #

  15. whooami
    Member
    Posted 7 years ago #

    original topic off my blog:

    http://www.village-idiot.org/archives/2005/03/02/sp-am/

    I noticed "the idea" was added to the codex less than 3 weeks later. :O and while credit for some other things on that page was originally given to the people that suggested them, macmanax appears to have not ever mentioned me. hmph.

    I've given examples before:

    RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?yourdomain\.org/.*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register\.php$"
    RewriteRule .* - [F]

    Ideally, no-one needs to access your registration page if they're not coming from your domain ... The uses for things like this are endless. :)

    lastly, mac made an error,

    this:

    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

    is incorrect and won't redirect correctly.

    this is the proper way:

    RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

  16. vanhoolpilot
    Member
    Posted 6 years ago #

    These maggots are making any real function of the net all but impossible to the point they are themselves going to force government intervention to the point of restricting access. Already, the moment they enter your script without authorization they have committed a felony in all 50 states and federal jurisdiction. More and more local police agencies are working with federal agencies including the FBI Electronic Crimes Division and the FCC Wire Fraud Division and frankly, I fully support somebody stepping in and stopping these LEECHES, POND SCUM from making life miserable for virtually everyone.

    I have had my family website hacked dozens of times and I support cutting the fingers off with wire cutters so hackers would have to type with their elbows. It may not stop hacking, but it should slow it down a bit.

Topic Closed

This topic has been closed to new replies.
