Attacks on WordPress XML-RPC are very common nowadays. Numerous and continuous POST requests to xmlrpc.php script might produce significant server load and it will dramatically effect browsing experience of all other users.
Block attacks with DirectAdmin + Apache
The hosting panel DirectAdmin uses templates for Apache, Nginx and other services which are managed by it. Templates once modified for our needs will effect all existing and newly created virtual hosts for our sites. So let’s do it.
A root level access over SSH is required. Once connected to a server console as root run the following commands:
cd /usr/local/directadmin/data/templates/custom/
touch virtual_host2.conf.CUSTOM.4.post virtual_host2_secure.conf.CUSTOM.4.post
touch virtual_host2_secure_sub.conf.CUSTOM.4.post virtual_host2_sub.conf.CUSTOM.4.post
chmod 644 virtual_host2.conf.CUSTOM.4.post virtual_host2_secure.conf.CUSTOM.4.post
chmod 644 virtual_host2_secure_sub.conf.CUSTOM.4.post virtual_host2_sub.conf.CUSTOM.4.post
Here we changed directory and created 4 empty files, which we need to open in an editor (one-by-one) and populate with the following directives:
<Location ~ "/xmlrpc.php">
Order allow,deny
Deny from all
ErrorDocument 403 "Sorry, you are not allowed to view this page!"
</Location>
As soon as we complete with the 1 template, let's say it is virtual_host2.conf.CUSTOM.4.post, we can copy its content to the other files:
cp -p virtual_host2.conf.CUSTOM.4.post virtual_host2_secure.conf.CUSTOM.4.post
cp -p virtual_host2.conf.CUSTOM.4.post virtual_host2_secure_sub.conf.CUSTOM.4.post
cp -p virtual_host2.conf.CUSTOM.4.post virtual_host2_sub.conf.CUSTOM.4.post
Now we need to apply changes and re-generate configs for all existing virtual hosts. Run this:
cd /usr/local/directadmin/custombuild/
./build rewrite_confs
If all is done correct you will see "Sorry, you are not allowed to view this page!".
Block attacks with NGINX
For nginx create the following files:
cd /usr/local/directadmin/data/templates/custom/
touch nginx_server.conf.CUSTOM.4.post nginx_server_secure.conf.CUSTOM.4.post
touch nginx_server_secure_sub.conf.CUSTOM.4.post nginx_server_sub.conf.CUSTOM.4.post
chmod 644 nginx_server.conf.CUSTOM.4.post nginx_server_secure.conf.CUSTOM.4.post
chmod 644 nginx_server_secure_sub.conf.CUSTOM.4.post nginx_server_sub.conf.CUSTOM.4.post
Here we changed directory and created 4 empty files, which we need to open in an editor (one-by-one) and populate with the following directives:
location =/xmlrpc.php
{
deny all;
}
As soon as we complete with the 1 template, let's say it is nginx_server.conf.CUSTOM.4.post, we can copy its content to the other files:
cp -p nginx_server.conf.CUSTOM.4.post nginx_server_secure.conf.CUSTOM.4.post
cp -p nginx_server_secure.conf.CUSTOM.4.post nginx_server_secure_sub.conf.CUSTOM.4.post
cp -p nginx_server_secure_sub.conf.CUSTOM.4.post nginx_server_sub.conf.CUSTOM.4.post
Now we need to apply changes and re-generate configs for all existing virtual hosts. Run this:
cd /usr/local/directadmin/custombuild/
./build rewrite_confs
If all is done correct you will see a 403 error: "403 Forbidden".
