I have a problem with what seems to be a botnet hitting my website’s XMLRPC.PHP file several times per second periodically throughout the day. Littered in my log file, there are always thousands of lines that look like this:
22.214.171.124 – – [19/Aug/2013:11:06:19 -0500] “POST /xmlrpc.php HTTP/1.1” 404 12165 “-” “-“
From what I understand, hackers have recently used the pingback feature on legitimate WordPress websites to conduct DDOS attacks. This also affects my website; during these attacks, its response time becomes extremely high. My Web host, HostGator, has also disabled my account twice because of high CPU usage. However, the only solution they’ve offered is to insert a “deny from all” line in my htaccess file, which generates a 403 or 404 error whenever someone attempts to hit xmlrpc.php.
Although this might prevent my website from being used in a pingback DDOS attack, it’s not an acceptable solution as sending out several 403 or 404 error pages per second still results in abnormally high CPU usage and data transfer. Deleting XMLRPC.PHP produced a similar result.
So, I got the idea of adding the following to my htaccess file:
RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]
When I test the fix in my browser, I do get a blank error page without load on my server. Is this an acceptable fix for my problem, or might there be some negative side effects I haven’t anticipated?
- The topic ‘Resolving XMLRPC.PHP DDOS attack with htaccess redirect?’ is closed to new replies.