Paid Help

agoldenbergagoldenberg Member, Host Rep

Need someone to write me a regex for a cPanel server that will add a block line for any IP making requests of any sort to XMLRPC.php.

PM me if you can handle this and what you would charge.

Comments

  • NexHostNexHost Member
    edited November 2015

    You can do this with mod security. For cPanel you can try Comodo WAF; I think it might already have some rules for WordPress-based attacks such as the one you described above. Or you can do some HTTP rate limiting.

    Did a little searching for you and found the following article that might be useful

    http://linuxavid.blogspot.co.uk/2014/10/modsecurity-block-rule-for-xmlrpc-and.html

  • jarjar Patron Provider, Top Host, Veteran
    edited November 2015
    < FilesMatch "xmlrpc.php" >
    Deny from all
    < /FilesMatch >

    Since .htaccess is read recursively, should be able to put that in /home and just be done with it.

  • agoldenbergagoldenberg Member, Host Rep

    @jmckeag12 Does this simply go into .htaccess? The reason I'm looking for a regex is so I don't have to go in and modify every single .htaccess file.

  • agoldenbergagoldenberg Member, Host Rep

    @jar putting it in home causes an internal server error.

  • Yes, of course it does if you copied and pasted it. Remove the spaces.

    @agoldenberg said:
    jar putting it in home causes an internal server error.

  • agoldenbergagoldenberg Member, Host Rep
    edited November 2015

    @k0nsl I know enough to remove the spaces. I removed them and restarted httpd.

  • agoldenbergagoldenberg Member, Host Rep

    Forgot the /FilesMatch woops!

  • @agoldenberg said:
    jmckeag12 Does this simply go into .htaccess? The reason I'm looking for a regex is so I don't have to go in and modify every single .htaccess file.

    If you do it with mod security you can apply it on a server-wide level instead of doing it per account. This is the best way to do what you are looking for. Or, as Jar said, deny complete access to xmlrpc.

  • k0nslk0nsl Member
    edited November 2015

    Try this:

    <FilesMatch "^(xmlrpc\.php)">
    Order Deny,Allow
    # server IP here
    Allow from 127.0.0.1
    Deny from all
    </FilesMatch>
    
  • agoldenbergagoldenberg Member, Host Rep

    @k0nsl both solutions work :) Thanks to all who helped out! If I can do anything to help please do let me know.

    Thanked by 2netomx Junkless
  • jarjar Patron Provider, Top Host, Veteran

    @agoldenberg said:
    Forgot the /FilesMatch woops!

    Ah sorry, accidentally removed the / to please vanilla.

    Thanked by 1netomx
  • edited November 2015

    @jmckeag12 said:
    If you do it with mod security you can apply it on a server-wide level instead of doing it per account. This is the best way to do what you are looking for.

    Best is a relative thing, especially given the request was tagged with iptables. For that, "best" probably involves creating a fail2ban jail above and beyond Apache. That's what I do, anyway, because I don't get much benefit out of Apache just serving up a 403 instead of a 404.

    Thanked by 1NexHost
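
The pattern asked for in the opening post, as an added example that is not part of any poster's reply: a regex over Apache access-log lines that picks out clients requesting xmlrpc.php, the same kind of match a fail2ban filter relies on, and renders `Deny from` lines in the syntax used in the thread. The combined log format, the sample lines and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log line: client, ident, user, [time], "METHOD path PROTO" ...
# The path part excludes '?', so xmlrpc.php appearing only in a query string is ignored,
# and the trailing " HTTP/" keeps names such as xmlrpc.php.bak from matching.
XMLRPC_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ [^\s?"]*/xmlrpc\.php(?:\?\S*)? HTTP/',
    re.IGNORECASE,
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2015:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2015:10:01:03 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Nov/2015:10:02:00 +0000] "GET /XMLRPC.php?rsd HTTP/1.0" 403 210 "-" "-"',
    '198.51.100.20 - - [12/Nov/2015:10:03:00 +0000] "GET /index.php?next=/xmlrpc.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.21 - - [12/Nov/2015:10:03:05 +0000] "GET /xmlrpc.php.bak HTTP/1.1" 404 210 "-" "-"',
    'crawler.example - - [12/Nov/2015:10:03:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '127.0.0.1 - - [12/Nov/2015:10:04:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
]

def offenders(lines, allow=("127.0.0.1",)):
    """Return {ip: hit_count} for clients that requested xmlrpc.php."""
    hits = Counter()
    for line in lines:
        m = XMLRPC_RE.match(line)
        if not m:
            continue
        try:
            # Only a parsed IP address is ever written out; a hostname or junk
            # in the client field is skipped rather than copied into config.
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        if ip not in allow:
            hits[ip] += 1
    return dict(hits)

def deny_lines(hits):
    """Render Apache 2.2-style deny lines for the offending addresses."""
    return [f"Deny from {ip}" for ip in sorted(hits)]

if __name__ == "__main__":
    print("\n".join(deny_lines(offenders(SAMPLE_LOG))))
```
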