Apache HTTP Server
vasyaok, 2014-10-11 20:54:01

How to protect Apache from DDoS attacks through WordPress sites?

In general, for many days now my site has been DDoSed using this method (I attach the logs at the end). The site runs on Apache2. I searched a lot of sites but did not understand: how do I block the WordPress user-agent in all its many versions?

54.248.91.179 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://tpy.tw; verifying pingback from 80.82.65.17"
107.20.136.153 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 500 "-" "WordPress/3.5; http://enter.seasite.com"
176.34.202.158 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.1; http://ec2-176-34-202-158.eu-west-1.compute.amazonaws.com; verifying pingback from 80.82.65.17"
46.137.97.25 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.7.4; http://46.137.97.25; verifying pingback from 80.82.65.17"
176.34.202.158 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 500 "-" "WordPress/3.9.1; http://ec2-176-34-202-158.eu-west-1.compute.amazonaws.com; verifying pingback from 80.82.65.17"
54.248.91.179 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://tpy.tw; verifying pingback from 80.82.65.17"


4 answer(s)
Sergey Petrikov, 2014-10-11
@RicoX

If you want the head-on approach, put nginx on the frontend and use something like this: www.cyberciti.biz/faq/unix-linux-appleosx-bsd-ngin... but that is a hell of a kludge. I would advise adding ipset to iptables, parsing the log every minute with a third-party script (or fail2ban) and loading all the IPs into an ipset rule for blocking; it will not slow things down, and you can make many rules with different logic.
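
The log-to-ipset approach suggested in the answer above, as an added example that is not part of the original answer: it parses Apache combined-format log lines, matches the WordPress pingback User-Agent of any version in the User-Agent field only, and builds input for `ipset restore`. The set name `wp_pingback`, the hit threshold, the timeout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" log line: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Pingback User-Agent of any WordPress version:
# "WordPress/<version>; <site url>[; verifying pingback from <ip>]"
WP_UA_RE = re.compile(r'^WordPress/\d+(?:\.\d+)*; https?://')

# Constructed sample lines (documentation address ranges), modelled on the log in the question.
SAMPLE_LOG = '''\
203.0.113.10 - - [11/Oct/2014:19:40:06 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://blog.example; verifying pingback from 198.51.100.7"
203.0.113.10 - - [11/Oct/2014:19:40:07 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/3.9.2; http://blog.example; verifying pingback from 198.51.100.7"
203.0.113.25 - - [11/Oct/2014:19:40:07 +0200] "GET / HTTP/1.1" 403 500 "-" "WordPress/3.5; http://shop.example"
192.0.2.44 - - [11/Oct/2014:19:40:08 +0200] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.45 - - [11/Oct/2014:19:40:08 +0200] "GET /?s=WordPress/3.9 HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 6.1)"
not-an-ip - - [11/Oct/2014:19:40:09 +0200] "GET / HTTP/1.1" 403 499 "-" "WordPress/4.0; http://x.example"
'''.splitlines()

def wordpress_sources(lines, min_hits=2):
    """Return {client_ip: hits} for IPv4 clients whose User-Agent is a WordPress pingback fetch."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not WP_UA_RE.match(m.group("ua")):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # hostname or junk in the client field: never hand it to ipset
        if ip.version == 4:  # the hash:ip set below is created as IPv4 (family inet)
            hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def ipset_restore_input(ips, set_name="wp_pingback", timeout=3600):
    """Build input for `ipset -exist restore`; entries expire after `timeout` seconds."""
    lines = [f"create {set_name} hash:ip family inet timeout {timeout}"]
    lines += [f"add {set_name} {ip}" for ip in sorted(ips, key=ipaddress.ip_address)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Pipe into: ipset -exist restore
    # Match the set once: iptables -I INPUT -p tcp --dport 80 -m set --match-set wp_pingback src -j DROP
    print(ipset_restore_input(wordpress_sources(SAMPLE_LOG, min_hits=1)), end="")
```

The addresses collected this way belong to the WordPress sites relaying the requests, so the timeout lets entries age out once a site stops being used against you.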

eugenesv, 2014-10-11
@eugenesv

In addition to the previous comment:
Block everything at the firewall by geolocation, except for the networks of the countries you are interested in and search engines.
If the content does not change constantly, replace the start page that is being requested with a static one for the duration of the attack. You also need to set a rate limit on the number of connections from one IP through iptables.

Nikolai Parotikov, 2014-10-11
@parotikov

Just today I solved a similar problem: I dealt with it using the All In One WP Security plugin. It has both blocking by user-agent and closing the xmlrpc hole.

AntiDDoSexpert, 2014-11-17
@AntiDDoSexpert

Better like this:
iptables -A INPUT -p tcp --dport 80 -m string --string 'WordPress' --algo kmp -j DROP
