Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

How to block XMLRPC Attacks using CSF

We will need to create custom log from which CSF will be able to search for wp-login.php and xmlrpc.php requests.

Now, edit your ecsf.conf

nano /etc/csf/csf.conf

locate the line: CUSTOM1_LOG = "/var/log/customlog"
and replace it with: CUSTOM1_LOG = "/usr/local/apache/domlogs/*/*"

Have a look :

Now, create a function within CSF to detect and block these attacks.

nano /usr/local/csf/bin/regex.custom.pm

Add the following code:

# Block IP if more than 5 requests in 3600 for wp-login
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /)) {
return ("WP Login Attack",$1,"WPLOGIN","5","80,443","1");
}

# Block IP if more than 5 requests in 3600 for xml-rpc
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","1");
}

have a look :

Restart CSF and LFD to apply changed:

csf -r
service lfd restart

Bipul
Bipul

Jobair Alam Bipul and I’m a 31-year-old tech enthusiast from Bangladesh. have been working in the E-commerce, Domain and Web Hosting industry for more than 10 years

Articles: 68

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trending now

How To Remove Malware From WordPress Website
How to secure your WordPress Website in a few stepsHow To Fix 401 Unauthorized Error wordpress on DigitalOcean
How to Configure Google Public DNS IP Resolver on cPanel