WordPress xmlrpc.php DDoS Attack

xmlrpc.php DDoS log:

92.83.137.105 - - [29/Aug/2024:13:49:42 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
34.86.74.105 - - [29/Aug/2024:13:49:47 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
74.208.201.244 - - [29/Aug/2024:13:49:51 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
159.69.71.219 - - [29/Aug/2024:13:49:56 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
213.238.191.111 - - [29/Aug/2024:13:50:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
148.113.1.176 - - [29/Aug/2024:13:50:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
185.191.171.13 - - [29/Aug/2024:13:50:10 +0000] "GET /archives/tag/%EC%A1%B0%EC%A7%81%EC%8B%A0%ED%95%99 HTTP/1.1" 200 20425
208.109.34.85 - - [29/Aug/2024:13:50:13 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
103.69.98.51 - - [29/Aug/2024:13:50:17 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
13.124.146.73 - - [29/Aug/2024:13:50:19 +0000] "POST /wp-cron.php?doing_wp_cron=1724939419.6289389133453369140625 HTTP/1.1" 200 -
68.178.164.152 - - [29/Aug/2024:13:50:19 +0000] "POST /wp-login.php HTTP/1.1" 403 2626
13.124.146.73 - - [29/Aug/2024:13:50:31 +0000] "POST /wp-cron.php?doing_wp_cron=1724939431.1754601001739501953125 HTTP/1.1" 200 -
162.241.201.42 - - [29/Aug/2024:13:50:30 +0000] "POST /wp-login.php HTTP/1.1" 403 2626
157.20.83.126 - - [29/Aug/2024:13:50:31 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
217.144.190.51 - - [29/Aug/2024:13:50:31 +0000] "GET /forums/wp-json/wp/v2/users/1 HTTP/1.1" 404 96720
148.72.144.154 - - [29/Aug/2024:13:50:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
34.64.82.75 - - [29/Aug/2024:13:50:40 +0000] "GET /archives/862 HTTP/1.1" 200 44405
66.29.134.170 - - [29/Aug/2024:13:50:50 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
65.21.92.243 - - [29/Aug/2024:13:50:55 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
45.119.84.66 - - [29/Aug/2024:13:50:59 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
119.45.26.99 - - [29/Aug/2024:13:51:01 +0000] "POST /wp-login.php HTTP/1.1" 403 2626
159.223.35.88 - - [29/Aug/2024:13:51:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
93.107.1.136 - - [29/Aug/2024:13:51:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
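
To quantify the pattern in the log above, this added example (not part of the original post) counts POSTs to xmlrpc.php, the distinct source addresses, and which clients a per-IP limit would have caught. The sample lines, the function names and the `per_ip_limit` threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache common log format: client, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')
# Constructed sample in the page's log format (documentation-range IPs).
SAMPLE = """\
192.0.2.10 - - [29/Aug/2024:13:49:42 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
198.51.100.7 - - [29/Aug/2024:13:49:47 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
203.0.113.44 - - [29/Aug/2024:13:49:52 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
192.0.2.99 - - [29/Aug/2024:13:49:55 +0000] "GET /archives/862 HTTP/1.1" 200 44405
198.51.100.23 - - [29/Aug/2024:13:50:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
203.0.113.80 - - [29/Aug/2024:13:50:02 +0000] "POST /wp-login.php HTTP/1.1" 403 2626
192.0.2.10 - - [29/Aug/2024:13:49:57 +0000] "POST /xmlrpc.php HTTP/1.1" 200 271
""".splitlines()

def xmlrpc_hits(lines):
    """Return (ip, timestamp, status) for every POST to xmlrpc.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # drop any query string
        if path.rsplit("/", 1)[-1] == "xmlrpc.php":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m["ip"], ts, m["status"]))
    return hits

def summarize(lines, per_ip_limit=3):
    """Summarize xmlrpc.php POSTs; per_ip_limit is an assumed threshold."""
    hits = xmlrpc_hits(lines)
    per_ip = Counter(ip for ip, _, _ in hits)
    times = [ts for _, ts, _ in hits]
    return {
        "requests": len(hits),
        "unique_ips": len(per_ip),
        # Entries may be out of timestamp order, so use min/max.
        "span_seconds": (max(times) - min(times)).total_seconds() if hits else 0.0,
        "statuses": dict(Counter(s for _, _, s in hits)),
        # Clients a per-IP limit would catch; empty = too thinly spread.
        "over_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When nearly every request comes from a different address, `over_limit` stays empty, so blocking the endpoint itself is more effective than throttling individual clients.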

Defense:

(Application 1) Block xmlrpc.php in the .htaccess file in the WordPress root:

<Files xmlrpc.php>
    order deny,allow
    deny from all
</Files>

or, using the Apache 2.4 syntax:

<Files xmlrpc.php>
   Require all denied
</Files>

(Application 2) Block xmlrpc.php in Apache's vhost.conf. This blocks the request in Apache itself, at the source (this is how to leave no logs at all. Recommended!)

e.g., AWS Bitnami:

$ cd /opt/bitnami/apache/conf/vhosts/
$ vi 00_status-vhost.conf

Insert the following inside the <VirtualHost ...> ... </VirtualHost> block:

<Files xmlrpc.php>
   Require all denied
   # ErrorDocument 403 /403.html
</Files>