Nobody home

Was looking at my log files today and saw a bunch of IP’s trying to access the xmlrpc.php file over and over again. There are 2 ways you can block these IP’s from trying to access this file and slowing down your website.

Btw, I’m running CentOS 6 and Apache on my server.

  1. Create (or update) an .htaccess file in the root folder where xmlrpc.php file is. At the bottom of the file you can put the following to send the IP a 403 error.
    order allow, deny
    deny from XXX.XXX.XXX.XXX
    deny from XXX.XXX.XXX.XXX
    allow from all
  2. Another way to block the IP is to block them on the firewall using iptables. I have created a script that reads a file of IPs and puts them in iptables.
    $ cd ~/
    $ mkdir iptables
    $ cd iptables
    $ touch blocked.ips
    Then you need to edit the blocked.ips file to include the IPs you want to block.
    Here is my script file.
    BADIPS=$(egrep -v -E "^^#|^$" blocked.ips)
    # Create a new iptables spam list if not already there

    # Delete any existing chain rules
    $IPT --flush $SPAMLIST

    for ipblock in $BADIPS
    $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
    $IPT -A $SPAMLIST -s $ipblock -j DROP


    service iptables save

    Doing this will drop the IP at the firewall and log in the /var/log/messages file. If you don’t like to see the messages in the log file, you can ignore the
    $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
    from the script.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.