Was looking at my log files today and saw a bunch of IPs trying to access the xmlrpc.php file over and over again. There are 2 ways you can block these IPs from trying to access this file and slowing down your website.
Btw, I’m running CentOS 6 and Apache on my server.
- Create (or update) an .htaccess file in the root folder where the xmlrpc.php file is. At the bottom of the file you can put the following to send the IP a 403 error.
order allow,deny
deny from XXX.XXX.XXX.XXX
deny from XXX.XXX.XXX.XXX
allow from all
- Another way to block the IP is to block them on the firewall using iptables. I have created a script that reads a file of IPs and puts them in iptables.
$ cd ~/
$ mkdir iptables
$ cd iptables
$ touch blocked.ips block.sh
Then you need to edit the blocked.ips file to include the IPs you want to block.
123.123.123.123
123.123.123.0/20
etc...
Here is my block.sh script file.
#!/bin/bash
IPT=/sbin/iptables
SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
# Read blocked.ips, skipping comment lines and blank lines
BADIPS=$(grep -v -E "^#|^$" blocked.ips)
# Create a new iptables spam list if not already there
$IPT -N $SPAMLIST
# Delete any existing chain rules
$IPT --flush $SPAMLIST
# Log, then drop, traffic from each listed IP or network
for ipblock in $BADIPS
do
    $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
    $IPT -A $SPAMLIST -s $ipblock -j DROP
done
# Send INPUT, OUTPUT and FORWARD traffic through the spam list chain
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST
# Save the rules so they survive a restart
service iptables save
Doing this will drop the IP at the firewall and log it in the /var/log/messages file. If you don’t want to see the messages in the log file, you can leave out the line
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
from the block.sh script.
Enjoy!
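To fill blocked.ips from the access log instead of by hand, the following added example (not part of the original post) counts xmlrpc.php requests per client IP and prints the IPs at or above a threshold. The function names, the threshold and the sample log lines are assumptions made for illustration, and it assumes Apache's common/combined log format.

```shell
#!/bin/bash
# Added example, not part of the original post.
# Lists IPv4 clients that requested xmlrpc.php at least THRESHOLD times.
# Assumes Apache common/combined log format: client IP is the first field
# and the request line ("METHOD /path HTTP/x.y") is the first quoted string.

# Usage: xmlrpc_offenders LOGFILE [THRESHOLD]   (threshold defaults to 10)
# Prints one IP per line, busiest first, in the format blocked.ips expects.
xmlrpc_offenders() {
    awk -v min="${2:-10}" '
        BEGIN { FS = "\"" }                 # $1 = prefix, $2 = request line
        {
            split($1, pre, " "); ip = pre[1]
            split($2, req, " "); path = req[2]
            sub(/\?.*/, "", path)           # ignore the query string
            # Skip hostnames and IPv6 entries; only IPv4 is handled here.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (path ~ /(^|\/)xmlrpc\.php$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2 | awk '{ print $2 }'
}

# Constructed sample log lines (documentation-range addresses).
make_sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2015:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.5 - - [10/Oct/2015:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.5 - - [10/Oct/2015:13:55:38 +0000] "POST /xmlrpc.php?rsd HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Oct/2015:13:56:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Oct/2015:13:56:02 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [10/Oct/2015:13:57:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [10/Oct/2015:13:57:11 +0000] "GET /?s=xmlrpc.php HTTP/1.1" 200 5120 "-" "-"
EOF
}

log=$(mktemp)
make_sample_log > "$log"
xmlrpc_offenders "$log" 2      # prints 203.0.113.5 then 198.51.100.7
rm -f "$log"
```

Review the output before appending it to blocked.ips so that your own address or a legitimate client does not end up in the list.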