Answer the question
In order to leave comments, you need to log in
How to protect Apache from DDoS attacks through WordPress sites?
In general, for many days now my site has been ddosed using this method (I attach the logs at the end). Site on Apache2. I searched a lot of sites, but did not understand - how to block the user-agent of WordPress and all its multiple versions?
54.248.91.179 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://tpy.tw; verifying pingback from 80.82.65.17"
107.20.136.153 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 500 "-" "WordPress/3.5; http://enter.seasite.com"
176.34.202.158 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.1; http://ec2-176-34-202-158.eu-west-1.compute.amazonaws.com; verifying pingback from 80.82.65.17"
46.137.97.25 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.7.4; http://46.137.97.25; verifying pingback from 80.82.65.17"
176.34.202.158 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 500 "-" "WordPress/3.9.1; http://ec2-176-34-202-158.eu-west-1.compute.amazonaws.com; verifying pingback from 80.82.65.17"
54.248.91.179 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://tpy.tw; verifying pingback from 80.82.65.17"
Answer the question
In order to leave comments, you need to log in
If in the forehead, then put nginx on the frontend and something like this www.cyberciti.biz/faq/unix-linux-appleosx-bsd-ngin... but this is a hell of a crutch, I would advise putting ipset to iptables, parsing the log for a minute by third parties script (or fail2ban) and load all ip into the ipset rule for blocking, it will not slow down and you can make many rules with different logic.
in addition to the previous comment
Close everything on the firewall by geo-reference except for networks of only countries of interest and search engines
If the content does not change constantly, replace the start page that is being pulled with a static one for the duration of the attack. You also need to set the rate-limit for the number of connections from one ip through iptables.
just today I solved a similar problem - I coped with the All In One WP Security plugin . there is both blocking by user-agent, and closing the hole with xmlrpc
better like this:
iptables -A INPUT -p tcp --dport 80 -m string --string 'WordPress' --algo kmp -j DROP
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question