Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:config:xmlrpc.php_bot_attack_block [2018/03/29 19:07]
Lisa Clarke Proofreading
+++ litespeed_wiki:config:xmlrpc.php_bot_attack_block [2024/07/10 19:21] (current)
Lisa Clarke Redirect to new Documentation Site
@@ Line 1: / Line 1: @@
-====== How to Block xmlrpc.php Bot Attack ======
+~~REDIRECT>https://docs.litespeedtech.com/lsws/security/#block-a-bot-attack~~
-Your server may experience heavy hits from a bot named [[http://law.di.unimi.it/BUbiNG.html#wc|BUbiNG]]. This may have caused a massive load spike in the server. To prevent further problems, we can deny that user agent globally.
-===== Example 1 =====
-An easy solution is to use a rewrite rule to detect the user agent, and then set environment with the action ''[E=blockbot]''.  This will drop the direct connection from that client IP.
-Add the following to the ''.htaccess'' of the ''test.com'' domain:
-  RewriteEngine On
-  RewriteCond %{HTTP_USER_AGENT} "BUbiNG"
-  RewriteRule .* - [E=blockbot:1]
-To verify, you can run:
-  curl -A "BUbiNG" test.com
-If your rules need further debugging, you can enable rewrite log to check.
-===== Example 2 =====
-On a server, after configuring cPanel Piped Logging to push entries to ''/usr/local/apache/logs/error_log'', you can see many ''404 File not found [/var/www/html/xmlrpc.php]'' entries coming through. 404 will not trigger the LSWS WordPress protection feature, because the requests look like they're being processed by the default vhost.
-Locate the virtual host serving the requests, and add a vhost-level rewrite rule to drop the connection using ''[E=blockbot]''.
-  RewriteRule ^/xmlrpc.php - [E=blockbot:1]
-**Note:** Do not apply the above at the server level since it will block //everyone// accessing ''xmlrpc.php'' globally.