Differences

This shows you the differences between two versions of the page.

litespeed_wiki:config:xmlrpc.php_bot_attack_block [2018/03/29 16:00]
Jackson Zhang created
litespeed_wiki:config:xmlrpc.php_bot_attack_block [2024/07/10 19:21] (current)
Lisa Clarke Redirect to new Documentation Site
Line 1: Line 1:
-====== Block bot attack by user agent ====== +~~REDIRECT>​https://docs.litespeedtech.com/​lsws/​security/#block-a-bot-attack~~
-Your server may experience heavy hits from a bot named [http://law.di.unimi.it/BUbiNG.html#wc|BUbiNG]. This may have caused ​massive load spike in the server. How can we deny that user agent globally? +
- +
-An easy solution is to use a rewrite rule to detect the user-agent, then set environment with action [E=blockbot]. ​ It will drop direct connection from that client IP. +
- +
-===== Example 1 ===== +
-For example, add the following to the .htaccess of the test.com domain. +
- +
-  RewriteEngine On +
-  RewriteCond %{HTTP_USER_AGENT} "​BUbiNG"​ +
-  RewriteRule .* [E=blockbot:​1] +
- +
-To verify, you can run: +
-  curl -A "​BUbiNG"​ test.com +
- +
-If your rules need further debugging, you can enable rewrite log to check. +
- +
-===== Example 2 ===== +
-One a server after configuring cpanel piped logging to push entries to /​usr/​local/​apache/​logs/​error_log,​ user can see tons of 404 File not found [/​var/​www/​html/​xmlrpc.php] coming through. 404 will not trigger the LSWS WordPress protection feature. The requests look like being processed by the default vhost. How to do them? +
- +
-While you should locate the virtual host serving the requests, add vhost level rewrite rule to drop the connection using "​E=blockbot"​. +
- +
-  RewriteRule ^/​xmlrpc.php - [E=blockbot:​1] +
- +
-Do not apply the above at server level since it will block everyone accessing xmlrpc.php globally.+
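Review bot: The removed Example 1 rule `RewriteRule .* [E=blockbot:1]` has no substitution argument, while the Example 2 rule puts `-` before the flags (`RewriteRule ^/xmlrpc.php - [E=blockbot:1]`). If this text is carried over to the section the redirect points at, write it as `RewriteRule .* - [E=blockbot:1]` so the flag block is not read as the substitution. This revision also removes the warning that the xmlrpc.php rule must not be applied at server level, so confirm the target section at #block-a-bot-attack keeps that caveat before relying on the redirect alone.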
  • Last modified: 2018/03/29 16:00
  • by Jackson Zhang