Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
litespeed_wiki:config:xmlrpc.php_bot_attack_block [2018/03/29 19:07] Lisa Clarke Proofreading |
litespeed_wiki:config:xmlrpc.php_bot_attack_block [2018/10/05 15:58] Jackson Zhang |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== How to Block xmlrpc.php Bot Attack ====== | + | ====== How to Block Bot Attack? ====== |
| - | Your server may experience heavy hits from a bot named [[http://law.di.unimi.it/BUbiNG.html#wc|BUbiNG]]. This may have caused a massive load spike in the server. To prevent further problems, we can deny that user agent globally. | + | Your server may experience heavy hits from bots. There are different ways to block bot attack. |
| + | |||
| + | ===== Example 1: "BUbiNG" bot ===== | ||
| + | |||
| + | "BUbiNG" bot [[http://law.di.unimi.it/BUbiNG.html#wc|BUbiNG]] may have caused a massive load spike in the server. To prevent further problems, we can deny that user agent globally. | ||
| - | ===== Example 1 ===== | ||
| An easy solution is to use a rewrite rule to detect the user agent, and then set environment with the action ''[E=blockbot]''. This will drop the direct connection from that client IP. | An easy solution is to use a rewrite rule to detect the user agent, and then set environment with the action ''[E=blockbot]''. This will drop the direct connection from that client IP. | ||
| Line 16: | Line 19: | ||
| If your rules need further debugging, you can enable rewrite log to check. | If your rules need further debugging, you can enable rewrite log to check. | ||
| - | ===== Example 2 ===== | + | ===== Example 2: Block xmlrpc.php Bot Attack ===== |
| On a server, after configuring cPanel Piped Logging to push entries to ''/usr/local/apache/logs/error_log'', you can see many ''404 File not found [/var/www/html/xmlrpc.php]'' entries coming through. 404 will not trigger the LSWS WordPress protection feature, because the requests look like they're being processed by the default vhost. | On a server, after configuring cPanel Piped Logging to push entries to ''/usr/local/apache/logs/error_log'', you can see many ''404 File not found [/var/www/html/xmlrpc.php]'' entries coming through. 404 will not trigger the LSWS WordPress protection feature, because the requests look like they're being processed by the default vhost. | ||
| Line 24: | Line 27: | ||
| **Note:** Do not apply the above at the server level since it will block //everyone// accessing ''xmlrpc.php'' globally. | **Note:** Do not apply the above at the server level since it will block //everyone// accessing ''xmlrpc.php'' globally. | ||
| + | |||
| + | |||
| + | ===== Example 3: Block some cookies ===== | ||
| + | If the bots are cookie related, you can also try something like the following and tailor it to what you need. | ||
| + | |||
| + | RewriteCond %{HTTP_COOKIE} yourcookiename | ||
| + | RewriteRule .* - [F] | ||
| + | |||
| + | |||