Paid Help
agoldenberg
Member, Host Rep
in Help
Need someone to write me a regex for a cPanel server that will add a block line for any IP making requests of any sort to XMLRPC.php.
PM me if you can handle this and what you would charge.
Comments
You can do this with mod security for cPanel. You can try Comodo WAF; I think it might already have some rules for WordPress-based attacks such as the one you described above. Or you can do some HTTP rate limiting.
Did a little searching for you and found the following article that might be useful
http://linuxavid.blogspot.co.uk/2014/10/modsecurity-block-rule-for-xmlrpc-and.html
Since .htaccess is read recursively, should be able to put that in /home and just be done with it.
@jmckeag12 Does this simply go into .htaccess? The reason I'm looking for a regex is so I don't have to go in and modify every single .htaccess file.
@jar putting it in home causes an internal server error.
Yes, of course it does if you copied and pasted it. Remove the spaces.
@k0nsl I know enough to remove the spaces. I removed them and restarted httpd.
Forgot the /FilesMatch, whoops!
If you do it with mod security you can apply it on a server-wide level instead of doing it per account. This is the best way to do what you are looking for. Or, as Jar said, deny complete access to xmlrpc.
Try this:
@k0nsl both solutions work. Thanks to all who helped out! If I can do anything to help, please do let me know.
Ah sorry, accidentally removed the / to please vanilla.
Best is a relative thing, especially given the request was tagged with iptables. For that, "best" probably involves creating a fail2ban jail above and beyond Apache. That's what I do, anyway, because I don't get much benefit out of Apache just serving up a 403 instead of a 404.
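Added example (not code posted by anyone in the thread): the matching a log-based block for xmlrpc.php has to get right, shown as a small Python scan over Apache access-log lines. It assumes the Apache "combined" log format; the sample lines are constructed, `offenders` is a hypothetical helper, and `maxretry`/`findtime` are named after fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format (documentation IPs).
SAMPLE = '''\
192.0.2.10 - - [12/Oct/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "ua"
192.0.2.10 - - [12/Oct/2014:10:00:02 +0000] "POST /blog/XMLRPC.php HTTP/1.1" 200 370 "-" "ua"
192.0.2.10 - - [12/Oct/2014:10:00:03 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 210 "-" "ua"
198.51.100.7 - - [12/Oct/2014:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 512 "http://example.com/xmlrpc.php" "ua"
203.0.113.5 - - [12/Oct/2014:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "ua"
203.0.113.5 - - [12/Oct/2014:11:30:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "ua"
203.0.113.5 - - [12/Oct/2014:11:30:01 +0000] "GET /xmlrpc.php.bak HTTP/1.1" 404 210 "-" "ua"
'''.splitlines()

# Client IP, timestamp and request target of one access-log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" \d{3} ')
# Path component only: any directory depth, any letter case, but not
# look-alikes such as /xmlrpc.php.bak or a referrer that mentions the file.
XMLRPC_RE = re.compile(r'(?:^|/)xmlrpc\.php$', re.IGNORECASE)

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs, in order of detection, that made at least `maxretry`
    requests to xmlrpc.php within a sliding window of `findtime`."""
    hits = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # malformed or non-request line
        path = m["target"].split("?", 1)[0]   # drop the query string
        if not XMLRPC_RE.search(path):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:      # expire old hits
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE))               # default: three hits in ten minutes
    print(offenders(SAMPLE, maxretry=1))   # "requests of any sort": flag on first hit
```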