duanmei4149 2015-10-19 10:30
浏览 39
已采纳

防止在nginx中使用xmlrpc.php并使用Windows Live Writer

My blog is running in wordpress on nginx. I found a lot of DDOS attack and nginx log is as follows.

 aaa.bbb.ccc.ddd - - [19/Oct/2015:16:11:50 +0900] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;  http://www.google.com/bot.html)" "-"

I added conf file as follows.

location = /xmlrpc.php {
    allow (my global ip);
    allow 127.0.0.1;
    deny all;
    access_log off;
    error_log off;
}

It seems to work fine to prevent DDOS attack. But I found that I encounter an error when I use Windows Live Writer. The error dialog is like this.

http://(my blog)/xmlrpc.php
405 Not Allowed

Seems to be that "allow (my global ip)" and "deny all" are working because Windows Live Writer error message is not 403 but 405. But I cannot find any solutions.

  • 写回答

1条回答 默认 最新

  • douren9077 2015-10-19 12:27
    关注

    To stop people abusing XML-RPC file, You may add the following filter into your theme's functions.php file:

    add_filter( 'xmlrpc_methods', function( $methods ) {
         unset( $methods['pingback.ping'] );
            return $methods;
      } );

    Source: https://blog.sucuri.net/2014/03/more-than-162000-WordPress-sites-used-for-distributed-denial-of-service-attack.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改