wordpress博客防止xmlrpc.php暴力破解账号密码的方法

2016年11月14日 发表评论 阅读评论

闪电站小猪早上收到服务器报警,资源消耗过高,看流量消耗并不高,查询访问日志,有人短时间发送大量POST请求到博客xmlrpc.php接口,造成CPU消耗过高。

看IP是个老外,没法管啊。。

防范策略:

1、修改xmlrpc.php路径,防止暴力破解。

2、配置apache rewrite规则,禁止访问xmlrpc.php

<FilesMatch “^xmlrpc\.php$”>
    order deny,allow
    deny from all
</FilesMatch>

主要是博客用live writer来写,需要用到这个接口,不用的可以直接删除或者在后台禁用xmlrpc远程写博客的功能。

173.245.56.89 – – [14/Oct/2015:02:00:53 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
141.101.104.85 – – [14/Oct/2015:02:11:06 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
141.101.104.85 – – [14/Oct/2015:02:21:32 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
173.245.54.67 – – [14/Oct/2015:04:38:12 +0800] “GET /xmlrpc.php HTTP/1.1″ 405 6
162.158.176.95 – – [14/Oct/2015:05:01:33 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:34 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:37 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:40 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:41 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:41 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:44 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:44 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:46 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:50 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:50 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:54 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:53 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:58 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:01:58 +0800] “POST /xmlrpc.php HTTP/1.1″ 200
162.158.176.95 – – [14/Oct/2015:05:02:02 +0800] “POST /xmlrpc.php HTTP/1.1″ 200


转载请注明来自:[MSN Spaces]http://msn.shandian.biz/1163.html

  1. 本文目前尚无任何评论.