Was looking at my log files today and saw a bunch of IP’s trying to access the xmlrpc.php file over and over again. There are 2 ways you can block these IP’s from trying to access this file and slowing down your website.
Btw, I’m running CentOS 6 and Apache on my server.
- Create (or update) an .htaccess file in the root folder where xmlrpc.php file is. At the bottom of the file you can put the following to send the IP a 403 error.
order allow, deny
deny from XXX.XXX.XXX.XXX
deny from XXX.XXX.XXX.XXX
allow from all - Another way to block the IP is to block them on the firewall using iptables. I have created a script that reads a file of IPs and puts them in iptables.
$ cd ~/
$ mkdir iptables
$ cd iptables
$ touch blocked.ips block.sh
123.123.123.123
123.123.123.0/20
etc...
#!/bin/bash
IPT=/sbin/iptables
SPANLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
BADIPS=$(egrep -v -E "^^#|^$" blocked.ips)
# Create a new iptables spam list if not already there
$IPT -N $SPAMLIST# Delete any existing chain rules
$IPT --flush $SPAMLISTfor ipblock in $BADIPS
do
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
$IPT -A $SPAMLIST -s $ipblock -j DROP
done$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLISTservice iptables save
Doing this will drop the IP at the firewall and log in the /var/log/messages file. If you don’t like to see the messages in the log file, you can ignore the
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
from the block.sh script.
Enjoy!