[CentOS] slammed
Paul Heinlein
heinlein at madboa.com
Thu Oct 2 16:44:22 UTC 2014
On Thu, 2 Oct 2014, jwyeth.arch at gmail.com wrote:
> Disabling XMLRPC completely via wp-config.php is quite easy. I can
> send the required info when I'm in front of a computer. You can also use
> an .htaccess rule for Apache to stop requests completely. I'm sure
> there are also rules for Nginx, lighttpd, etc. that can be found quite
> easily via Google. Surprised most people don't have this
> disabled/blocked already.
Another good trick to keep IP-based scanners off your back is to make
sure that all HTTP requests have a valid Host: header. In Apache, it's
easy. The first-listed <VirtualHost> declaration is the default if a
client fails to provide a Host: header in the request. So the initial
virtual host is basically a deny-all container, e.g.,
<VirtualHost *:80>
    # First vhost for *:80 = default: it answers requests that carry no
    # Host: header (or a Host: no other vhost claims), which is what
    # IP-based scanners send. Deny everyone except local/admin clients.
    ServerSignature off
    <Location />
        <RequireAny>
            Require local
            Require ip [some administrative IP addr]
        </RequireAny>
    </Location>
</VirtualHost>

<VirtualHost *:80>
    # Name-based vhost: only reached with a matching Host: header
    ServerName www.you.com
    # the real work happens here ...
</VirtualHost>
For extra credit, you can write a fail2ban filter that scans the
default ErrorLog for telltale signs of IP-based scanning (watch out
for unintended line-wrapping in the example below).
# /etc/fail2ban/filter.d/apache-iponly.conf
# (fail2ban loads filters from filter.d; point the jail's logpath at the
#  ErrorLog of the default vhost above)
[DEFAULT]
# Apache 2.4 error-log prefix. "(:tid \d+)?" also accepts the worker/event
# MPMs, which log "[pid N:tid M]" instead of "[pid N]".
_apache_error_msg = \[[^]]*\] \[\S*:error\] \[pid \d+(:tid \d+)?\] \[client <HOST>(:\d{1,5})?\]

[Definition]
# Two patterns: access denied by the deny-all vhost, and CGI probing.
# The second line is a continuation line and must keep its leading whitespace.
failregex = ^%(_apache_error_msg)s (AH0\d+: )?client denied by server configuration: (uri )?.*$
            ^%(_apache_error_msg)s script '\S+' not found or unable to stat(, referer: \S+)?\s*$

ignoreregex =
--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
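The following is an added example, not code from Paul's post or from the fail2ban project. It runs the two failregex patterns above over a handful of constructed Apache 2.4 error-log lines (sample data, not a real log) and reports which client addresses would count as failures and which would reach a jail's maxretry. The <HOST> expansion is the one fail2ban 0.8/0.9 substitutes, reproduced inline here as an assumption so the script runs without fail2ban installed; fail2ban's own timestamp stripping is skipped, which is harmless because the leading bracketed group of the prefix absorbs the date. The "(:tid \d+)?" allowance for threaded MPMs is an addition here, and the IPv6 sample line shows a caveat of that older <HOST> expansion: it never matches a bare IPv6 client address.

```python
import re
from collections import Counter

# fail2ban 0.8/0.9 expands <HOST> to this pattern (assumed and inlined here so
# nothing needs fail2ban installed).  It covers IPv4 addresses and hostnames;
# bare IPv6 addresses do not match because ":" is not in the character class.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# Apache 2.4 error-log prefix from the posted filter, with an optional
# ":tid N" added here for the worker/event MPMs, which log "[pid N:tid M]".
APACHE_ERROR_MSG = (
    r"\[[^]]*\] \[\S*:error\] \[pid \d+(:tid \d+)?\] \[client <HOST>(:\d{1,5})?\]"
)

# The two failregex lines from the post, with %(_apache_error_msg)s expanded.
FAILREGEX = [
    r"^" + APACHE_ERROR_MSG
    + r" (AH0\d+: )?client denied by server configuration: (uri )?.*$",
    r"^" + APACHE_ERROR_MSG
    + r" script '\S+' not found or unable to stat(, referer: \S+)?\s*$",
]


def compile_failregex(patterns=FAILREGEX):
    """Substitute <HOST> the way fail2ban does and compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]


def scan(lines, patterns=FAILREGEX):
    """Return the client address of every line that some failregex matches.

    fail2ban strips the timestamp before matching; here the whole line is
    matched, which works because the first bracketed group eats the date.
    """
    compiled = compile_failregex(patterns)
    hits = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits.append(m.group("host"))
                break  # one failure per line, as fail2ban counts it
    return hits


def offenders(lines, maxretry=3, patterns=FAILREGEX):
    """Addresses that reached the jail's maxretry.

    The findtime window is ignored: all supplied lines count as one window.
    """
    counts = Counter(scan(lines, patterns))
    return sorted(host for host, n in counts.items() if n >= maxretry)


# Constructed sample lines (not real log data).  203.0.113.7 hits the deny-all
# vhost and a CGI probe three times in total, 203.0.113.8 probes CGI once,
# 198.51.100.9 is an ordinary 404 that must not count, and the IPv6 client is
# denied but shows that this <HOST> expansion cannot extract its address.
SAMPLE_LOG = [
    "[Thu Oct 02 16:44:22.123456 2014] [authz_core:error] [pid 1234] "
    "[client 203.0.113.7:51234] AH01630: client denied by server configuration: /var/www/html/",
    "[Thu Oct 02 16:44:23.000000 2014] [authz_core:error] [pid 1235] "
    "[client 203.0.113.7:51235] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php",
    "[Thu Oct 02 16:45:01.000001 2014] [cgi:error] [pid 1234:tid 140123456] "
    "[client 203.0.113.8:40000] script '/var/www/cgi-bin/php' not found or unable to stat",
    "[Thu Oct 02 16:46:00.000000 2014] [core:error] [pid 1234] "
    "[client 198.51.100.9:33333] AH00128: File does not exist: /var/www/html/favicon.ico",
    "[Thu Oct 02 16:46:30.000000 2014] [authz_core:error] [pid 1234] "
    "[client 2001:db8::1:55555] AH01630: client denied by server configuration: /var/www/html/",
    "[Thu Oct 02 16:48:00.000000 2014] [cgi:error] [pid 1236] "
    "[client 203.0.113.7:51240] script '/var/www/cgi-bin/test-cgi' not found or unable to stat, referer: http://203.0.113.7/",
]

if __name__ == "__main__":
    for host in scan(SAMPLE_LOG):
        print("failure from", host)
    print("would ban:", offenders(SAMPLE_LOG, maxretry=3))
```

Against the real thing, `fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-iponly.conf` performs the same check with fail2ban's own <HOST> and date handling; if your clients include IPv6 addresses, run it on a fail2ban version whose <HOST> expansion covers them, because the older pattern above silently drops those lines.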