WordPress xmlrpc attack workaround

Count the requests to xmlrpc.php per client IP with this one-liner, then block the naughty IPs using the .htaccess file:

$ tail -10000 access_log |grep /xmlrpc.php|awk '{ips[$1]++}END{for (i in ips) print i " " ips[i]}'
68.x.x.52 1
173.x.x.17 1
185.x.x.249 15
117.x.x.46 1
192.x.x.80 1
80.x.x.104 1105
180.x.x.59 1
198.x.x.90 3
192.x.x.130 3
93.x.x.61 1003
192.x.x.244 1
91.x..69 1
85.x.x.26 16
198.x.x.192 1
192.x.x.146 1
192.x.x.250 10
80.x.x.229 1092
190.x.x.155 1

Check both the HTTP and HTTPS logs. The offenders are obvious from the request counts. Add them to the .htaccess blacklist.
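
One way to go from the log to the blacklist lines in one step (an added example, not part of the original post). It assumes the Apache "combined" log format and Apache 2.4 access-control syntax; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Apache "combined" log
# format (client in field 1, request path in field 7) and Apache 2.4 syntax.

# Print "ip count" for clients with at least $1 requests whose path is
# xmlrpc.php, busiest first. Reads access-log lines on stdin.
xmlrpc_offenders() {
    awk -v min="$1" '
        # Match the request path only, so a Referer mentioning xmlrpc.php
        # does not count; accept only address-shaped client fields.
        $7 ~ /\/xmlrpc\.php([?]|$)/ && $1 ~ /^[0-9A-Fa-f:.]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' | sort -k2,2nr -k1,1
}

# Turn "ip count" lines on stdin into an Apache 2.4 deny block for .htaccess.
htaccess_block() {
    echo '<RequireAll>'
    echo '    Require all granted'
    while read -r ip count; do
        echo "    # $count xmlrpc.php requests"
        echo "    Require not ip $ip"
    done
    echo '</RequireAll>'
}

# Constructed sample log (documentation-range addresses, made-up timestamps).
repeat() { n=$1; while [ "$n" -gt 0 ]; do printf '%s\n' "$2"; n=$((n - 1)); done; }
sample_log() {
    ts='[01/Jan/2024:00:00:00 +0000]'
    repeat 5 "192.0.2.10 - - $ts \"POST /xmlrpc.php HTTP/1.1\" 200 370 \"-\" \"-\""
    repeat 1 "198.51.100.7 - - $ts \"POST /xmlrpc.php HTTP/1.1\" 200 370 \"-\" \"-\""
    repeat 3 "203.0.113.9 - - $ts \"POST /blog/xmlrpc.php HTTP/1.1\" 200 370 \"-\" \"-\""
    repeat 4 "203.0.113.5 - - $ts \"GET / HTTP/1.1\" 200 9000 \"http://example.com/xmlrpc.php\" \"-\""
}

# Threshold of 3 suits the tiny sample; on a real log pick one that separates
# the heavy hitters (1000+ in the output above) from the one-off requests.
sample_log | xmlrpc_offenders 3 | htaccess_block
```

On a live server, feed it `tail -10000 access_log` instead of `sample_log` and review the generated block before pasting it into .htaccess.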

This is a stopgap while we investigate a plugin like Disable XML-RPC Pingback.

About c3iq

Opensource, Linux, Unix, Fish, Family