i have wordpress site being attacked following http post requests:
x.x.x.x - - [15/jul/2013:01:26:52 -0400] "post /?ctrlfunc_stttttuuuuuuvvvvvwwwwwwxxxxxyy http/1.1" 200 23304 "-" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)" x.x.x.x - - [15/jul/2013:01:26:55 -0400] "post / http/1.1" 200 23304 "-" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)" the attack isn't bad enough bring down apache, drive cpu usage more i'd to. therefore block these using mod_rewrite -- straight 403 page should -- i've not had luck far i've tried. block blank http post requests (to /) /?ctrlfunc_*
what i've done workaround block http post traffic won't work long-term.
any ideas? i've invested several hours on , have not made progress.
thanks!
instead of blocking request via mod_rewrite, i'd use bait record ip of offenders. then, adding them 96 hour black list within firewall block requests them.
see fail2ban.
specifically, believe fail2ban filters right place start looking write url-specific case.
http://www.fail2ban.org/wiki/index.php/manual_0_8#filters
http://www.fail2ban.org/wiki/index.php/howto_apache_myadmin_filter
Comments
Post a Comment