Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Paid Help

agoldenbergagoldenberg Member, Host Rep
in Help

Need someone to write me a regex for a cpanel server that will add a block line for any IP making requests of any sort to XMLRPC.php

PM me if you can handle this and what you would charge.

Comments

  • NexHostNexHost Member
    edited November 2015

    You can do this with mod security for cPanel you can try Comodo WAF i think it might already have some rules for wordpress based attacks as the one you described above. or you can do some HTTP rate limiting.

    Did a little searching for you and found the following article that might be useful

    http://linuxavid.blogspot.co.uk/2014/10/modsecurity-block-rule-for-xmlrpc-and.html

  • jarjar Patron Provider, Top Host, Veteran
    edited November 2015 
    < FilesMatch "xmlrpc.php" >
Deny from all
< /FilesMatch >

    Since .htaccess is read recursively, should be able to put that in /home and just be done with it.

    Thanked by 2netomx impossiblystupid
  • agoldenbergagoldenberg Member, Host Rep

    @jmckeag12 Does this simply go into .htaccess? The reason I'm looking for a regex is so I don't have to go in and modify every single .htaccess file.

  • agoldenbergagoldenberg Member, Host Rep

    @jar putting it in home causes an internal server error.

  • k0nslk0nsl Member

    Yes, of course it does if you copied and pasted it. Remove the spaces.

    @agoldenberg said:
    jar putting it in home causes an internal server error.

  • agoldenbergagoldenberg Member, Host Rep
    edited November 2015

    @k0nsl I know enough to remove the spaces. I removed them and restarted httpd.

  • agoldenbergagoldenberg Member, Host Rep

    Forgot the /FilesMatch woops!

  • NexHostNexHost Member

    @agoldenberg said:
    jmckeag12 Does this simply go into .htaccess? The reason I'm looking for a regex is so I don't have to go in and modify every single .htaccess file.

    If you do it with mod security you can apply it on a server-wide level. instead of doing it per account. This is the best way to do what you are looking for. or as Jar said to deny complete access to xmlprc

  • k0nslk0nsl Member
    edited November 2015

    Try this:

    <FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
Allow from 127.0.0.1 # server IP here
Deny from all
</FilesMatch>
  • agoldenbergagoldenberg Member, Host Rep

    @k0nsl both solutions work :) Thanks to all who helped out! If I can do anything to help please do let me know.

    Thanked by 2netomx Junkless
  • jarjar Patron Provider, Top Host, Veteran

    @agoldenberg said:
    Forgot the /FilesMatch woops!

    Ah sorry, accidentally removed the / to please vanilla.

    Thanked by 1netomx
  • impossiblystupidimpossiblystupid Member
    edited November 2015

    @jmckeag12 said:
    If you do it with mod security you can apply it on a server-wide level. instead of doing it per account. This is the best way to do what you are looking for.

    Best is a relative thing, especially given the request was tagged with iptables. For that, "best" probably involves creating a fail2ban jail above and beyond Apache. That's what I do, anyway, because I don't get much benefit out of Apache just serving up a 403 instead of a 404.

    Thanked by 1NexHost
Sign In or Register to comment.