Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
litespeed_wiki:config:xmlrpc.php_bot_attack_block [2018/10/05 18:52] Lisa Clarke Proofreading |
litespeed_wiki:config:xmlrpc.php_bot_attack_block [2024/07/10 19:21] (current) Lisa Clarke Redirect to new Documentation Site |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== How to Block a Bot Attack ====== | + | ~~REDIRECT>https://docs.litespeedtech.com/lsws/security/#block-a-bot-attack~~ |
| - | Your server may experience heavy hits from bots. Here are three different examples of bot attacks and how to block them. | + | |
| - | + | ||
| - | ===== Example 1: "BUbiNG" bot ===== | + | |
| - | + | ||
| - | "BUbiNG" bot [[http://law.di.unimi.it/BUbiNG.html#wc|BUbiNG]] can cause a massive load spike in the server. To prevent further problems, we can deny that user agent globally. | + | |
| - | + | ||
| - | An easy solution is to use a rewrite rule to detect the user agent, and then set environment with the action ''[E=blockbot]''. This will drop the direct connection from that client IP. | + | |
| - | + | ||
| - | Add the following to the ''.htaccess'' of your ''example.com'' domain: | + | |
| - | + | ||
| - | RewriteEngine On | + | |
| - | RewriteCond %{HTTP_USER_AGENT} "BUbiNG" | + | |
| - | RewriteRule .* - [E=blockbot:1] | + | |
| - | + | ||
| - | To verify, you can run: | + | |
| - | curl -A "BUbiNG" example.com | + | |
| - | + | ||
| - | If your rules need further debugging, you can enable the rewrite log for more details. | + | |
| - | + | ||
| - | ===== Example 2: "xmlrpc.php" Bot ===== | + | |
| - | On a server, after configuring cPanel Piped Logging to push entries to ''/usr/local/apache/logs/error_log'', you can see many ''404 File not found [/var/www/html/xmlrpc.php]'' entries coming through. 404 will not trigger the LSWS WordPress protection feature, because the requests look like they're being processed by the default vhost. | + | |
| - | + | ||
| - | Locate the virtual host serving the requests, and add a vhost-level rewrite rule to drop the connection using ''[E=blockbot]''. | + | |
| - | + | ||
| - | RewriteRule ^/xmlrpc.php - [E=blockbot:1] | + | |
| - | + | ||
| - | **Note:** Do not apply the above at the server level since it will block //everyone// accessing ''xmlrpc.php'' globally. | + | |
| - | + | ||
| - | + | ||
| - | ===== Example 3: Cookie Bots ===== | + | |
| - | If the bots are cookie related, you can also try something like the following and tailor it to what you need. | + | |
| - | + | ||
| - | RewriteCond %{HTTP_COOKIE} yourcookiename | + | |
| - | RewriteRule .* - [F] | + | |
| - | + | ||