On Thu, 2 Oct 2014, [email protected] wrote:
> Disabling XMLRPC completely via wp-config.php is quite easy. I can
> send required info when I'm in front of a computer. You can also use
> an .htaccess rule for Apache to stop requests completely. I'm sure
> there are also rules for Nginx, lighttpd, etc. that can be found quite
> easily via Google. Surprised most people don't have this
> disabled/blocked already.
Another good trick to keep IP-based scanners off your back is to make
sure that all HTTP requests have a valid Host: header. In Apache, it's
easy. The first-listed <VirtualHost> declaration is the default if a
client fails to provide a Host: header in the request. So the initial
Virtual host is basically a deny-all container, e.g.,
    <VirtualHost *:80>
        ServerSignature off
        <Location />
            <RequireAny>
                Require local
                Require ip [some administrative IP addr]
            </RequireAny>
        </Location>
    </VirtualHost>

    <VirtualHost *:80>
        ServerName www.you.com
        # the real work happens here ...
    </VirtualHost>
For extra credit, you can write a fail2ban filter that scans the
default ErrorLog for telltale signs of IP-based scanning (watch out
for unintended line-wrapping in the example below).
    # /etc/fail2ban/filter.d/apache-iponly.conf
    [DEFAULT]
    _apache_error_msg = \[[^]]*\] \[\S*:error\] \[pid \d+\] \[client <HOST>(:\d{1,5})?\]

    [Definition]
    failregex = ^%(_apache_error_msg)s (AH0\d+: )?client denied by server configuration: (uri )?.*$
                ^%(_apache_error_msg)s script '\S+' not found or unable to stat(, referer: \S+)?\s*$
--
Paul Heinlein
[email protected]
45°38' N, 122°6' W
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
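A quick way to check what the fail2ban filter above will actually catch, as an added example that is not part of the mailing-list post and not fail2ban's own code: the script below interpolates the two failregex lines the way fail2ban does (expanding %(_apache_error_msg)s and then the <HOST> tag), runs them over a handful of constructed Apache 2.4 ErrorLog lines, and tallies hits per client address. The log lines, IP addresses and the maxretry value are made up for the demonstration; the <HOST> expansion used here is the one fail2ban 0.9 used and is an assumption about that version. It also shows the one caveat worth knowing before deploying the filter: with a threaded MPM (worker/event) Apache writes "[pid 1234:tid 5678]", which the posted "[pid \d+]" does not match, so those lines are silently ignored unless the pid field is widened.

```python
import re

# Constructed Apache 2.4 ErrorLog sample (not captured from a real server).
# Lines 1-3 should match the posted filter; line 4 is a notice, line 5 is an
# unrelated error, line 6 is the same "client denied" message as line 1 but
# logged by a threaded MPM, so the pid field carries a ":tid" suffix.
SAMPLE_LOG = """\
[Thu Oct 02 10:15:01.123456 2014] [authz_core:error] [pid 4321] [client 203.0.113.7:51234] AH01630: client denied by server configuration: /var/www/html/
[Thu Oct 02 10:15:02.654321 2014] [core:error] [pid 4321] [client 203.0.113.7:51236] script '/var/www/html/xmlrpc.php' not found or unable to stat
[Thu Oct 02 10:15:03.000001 2014] [core:error] [pid 4322] [client 198.51.100.9:40000] script '/var/www/html/wp-login.php' not found or unable to stat, referer: http://198.51.100.9/
[Thu Oct 02 10:15:04.000002 2014] [mpm_prefork:notice] [pid 4300] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Thu Oct 02 10:15:05.000003 2014] [core:error] [pid 4323] [client 192.0.2.55:33000] AH00126: Invalid URI in request GET /../ HTTP/1.0
[Thu Oct 02 10:15:06.000004 2014] [authz_core:error] [pid 4324:tid 140000] [client 203.0.113.7:51240] AH01630: client denied by server configuration: /var/www/html/
"""

# Expansion of fail2ban's <HOST> tag as used by fail2ban 0.9 (assumption about
# that version; newer releases use a more elaborate IPv6-aware pattern).
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The prefix exactly as posted (prefork-style "[pid N]" only) ...
APACHE_ERROR_MSG = r"\[[^]]*\] \[\S*:error\] \[pid \d+\] \[client <HOST>(:\d{1,5})?\]"
# ... and a widened variant that also accepts the threaded-MPM "[pid N:tid M]".
APACHE_ERROR_MSG_THREADED = r"\[[^]]*\] \[\S*:error\] \[pid \d+(:tid \d+)?\] \[client <HOST>(:\d{1,5})?\]"

# The two failregex lines from the posted filter, verbatim.
FAILREGEX = [
    r"^%(_apache_error_msg)s (AH0\d+: )?client denied by server configuration: (uri )?.*$",
    r"^%(_apache_error_msg)s script '\S+' not found or unable to stat(, referer: \S+)?\s*$",
]


def compile_failregex(patterns, apache_error_msg=APACHE_ERROR_MSG, host_re=HOST_RE):
    """Interpolate like fail2ban: %(name)s from [DEFAULT], then the <HOST> tag."""
    compiled = []
    for pat in patterns:
        pat = pat % {"_apache_error_msg": apache_error_msg}
        pat = pat.replace("<HOST>", host_re)
        compiled.append(re.compile(pat))
    return compiled


def scan(log_text, regexes):
    """Return (host, line) for every log line matching any failregex."""
    hits = []
    for line in log_text.splitlines():
        for rx in regexes:
            m = rx.match(line)
            if m:
                hits.append((m.group("host"), line))
                break  # fail2ban counts a line once, on the first regex that matches
    return hits


def count_by_host(hits):
    """Tally matched lines per client address."""
    counts = {}
    for host, _ in hits:
        counts[host] = counts.get(host, 0) + 1
    return counts


def offenders(log_text, maxretry=2, apache_error_msg=APACHE_ERROR_MSG):
    """Addresses that would be banned with the given maxretry (findtime ignored)."""
    regexes = compile_failregex(FAILREGEX, apache_error_msg)
    counts = count_by_host(scan(log_text, regexes))
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for label, prefix in (("posted", APACHE_ERROR_MSG), ("threaded", APACHE_ERROR_MSG_THREADED)):
        hits = scan(SAMPLE_LOG, compile_failregex(FAILREGEX, prefix))
        print(f"{label}: {len(hits)} matching lines, per host {count_by_host(hits)}")
        print(f"{label}: would ban {offenders(SAMPLE_LOG, 2, prefix)}")
```

On the sample, the posted prefix matches three lines (two from 203.0.113.7, one from 198.51.100.9) and misses the threaded-MPM line; the widened prefix picks that one up as well, for four. Either way only 203.0.113.7 crosses maxretry=2. Before relying on the filter in production, run the same check against your real log with `fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-iponly.conf`, which is how fail2ban itself reports matched and missed lines, and confirm that the default vhost's denials really land in the ErrorLog that the jail's logpath points at.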