Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Igor Petrov2015-10-25 23:07:26
Nginx
Igor Petrov, 2015-10-25 23:07:26

How to block user-agent via iptables in Debian 7 OS?

Actually how to block user-agent through IPtables?
there is a wordpress attack by bots, and they are clogged in the logs ... I
tried to write this
iptables -I INPUT -p tcp -m string -algo kmp -string “WordPress” -j DROP
nothing helps, it does not block ...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
R
Rsa97, 2015-10-25
@Rsa97

fail2ban

Report
M
Mark Doe, 2015-10-25
@mourr

The solution with string is very dubious
. Try writing them in a separate log, something like this

# Apache config
RewriteCond %{HTTP_USER_AGENT}  ^WordPress/4\.0
RewriteRule - [L,R=403,E=WordPress]
LogFormat "%t\t%a\t%{remote}p\t%{User-Agent}i"
CustomLog wordpress wordpress.log env=WordPress

Then, once an hour, let's say, get all the IPs from this log and ban them in batches by IP with a simple script

Report
M
Max, 2015-10-25
@MaxDukov

-algo bm?

Similar questions
A
Abc Edc2015-04-07 20:48:01
How to make image stretching with scaling? 3Reply
E
Eugene Wolf2017-01-21 18:36:42
CentOS + Nginx from sources. Why is the service not starting? 2Reply
A
Archakov Dennis2017-01-23 15:23:38
Why error 521: Web server is down? 2Reply
Z
zlodiak2019-06-18 11:14:53
Why is the docker container not displaying the page? 2Reply
G
grabbee2019-06-18 15:21:44
How to close access to the proxied site? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question