xmlrpc.php DOS attack

  • nreese

    (@nreese)


    10 years ago

    I have had constant POSTs to my website:
    185.103.xxx.xxx – – [09/May/2016:22:50:52 -0400] “POST /xmlrpc.php HTTP/1.0” 403 469 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”
    185.103.xxx.xxx – – [09/May/2016:22:50:53 -0400] “POST /xmlrpc.php HTTP/1.0” 403 469 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”
    185.103.xxx.xxx – – [09/May/2016:22:50:57 -0400] “POST /xmlrpc.php HTTP/1.0” 403 469 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”
    185.103.xxx.xxx – – [09/May/2016:22:50:59 -0400] “POST /xmlrpc.php HTTP/1.0” 403 469 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”
    185.103.xxx.xxx – – [09/May/2016:22:51:01 -0400] “POST /xmlrpc.php HTTP/1.0” 403 469 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”

    Ubuntu 14.04 / WordPress 4.5.2

    I have tried blocking with ufw / .htaccess / deny.hosts / Wordfence Security plugin / Disable XML-RPC Pingback plugin, but to no avail – the /var/log/apache2/access.log keeps on show constant hits.

    This site does not require blogs / posts etc.

    How do I block this? This is for a community club site. The requests eventually use up all memory and crash the site. Any suggestions greatly appreciated.

Viewing 1 replies (of 1 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    10 years ago

    Shared hosting or VPS?

    If you’re on your own VPS where you have full control, drop this in your httpd.conf file:

    RedirectMatch (.*)xmlrpc\.php$ http://127.0.0.1

    it makes all access to xmlrpc.conf “return to sender”.

    Note: it may break some jetpack functionality, so be sure to check things carefully.

Viewing 1 replies (of 1 total)

The topic ‘xmlrpc.php DOS attack’ is closed to new replies.