duanmei4149 2015-10-19 10:30
浏览 40
已采纳

防止在nginx中使用xmlrpc.php并使用Windows Live Writer

My blog is running in wordpress on nginx. I found a lot of DDOS attack and nginx log is as follows.

 aaa.bbb.ccc.ddd - - [19/Oct/2015:16:11:50 +0900] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;  http://www.google.com/bot.html)" "-"

I added conf file as follows.

location = /xmlrpc.php {
    allow (my global ip);
    allow 127.0.0.1;
    deny all;
    access_log off;
    error_log off;
}

It seems to work fine to prevent DDOS attack. But I found that I encounter an error when I use Windows Live Writer. The error dialog is like this.

http://(my blog)/xmlrpc.php
405 Not Allowed

Seems to be that "allow (my global ip)" and "deny all" are working because Windows Live Writer error message is not 403 but 405. But I cannot find any solutions.

  • 写回答

1条回答 默认 最新

  • douren9077 2015-10-19 12:27
    关注

    To stop people abusing XML-RPC file, You may add the following filter into your theme's functions.php file:

    add_filter( 'xmlrpc_methods', function( $methods ) {
             unset( $methods['pingback.ping'] );
                return $methods;
          } ); 
    

    Source: https://blog.sucuri.net/2014/03/more-than-162000-WordPress-sites-used-for-distributed-denial-of-service-attack.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信小程序 用oss下载 aliyun-oss-sdk-6.18.0.min client报错
  • ¥15 ArcGIS批量裁剪
  • ¥15 labview程序设计
  • ¥15 为什么在配置Linux系统的时候执行脚本总是出现E: Failed to fetch http:L/cn.archive.ubuntu.com
  • ¥15 Cloudreve保存用户组存储空间大小时报错
  • ¥15 伪标签为什么不能作为弱监督语义分割的结果?
  • ¥15 编一个判断一个区间范围内的数字的个位数的立方和是否等于其本身的程序在输入第1组数据后卡住了(语言-c语言)
  • ¥15 Mac版Fiddler Everywhere4.0.1提示强制更新
  • ¥15 android 集成sentry上报时报错。
  • ¥15 抖音看过的视频,缓存在哪个文件