博客被xmlrpc.php DDOS攻击

Posted by 冰河 at 00:42 Add comments 22,713 Views
122015

博客最近频繁502 bad gateway。VPS流量也暴增。今天查log(/home/wwwlogs)无意发现有个ip不停的访问xmlrpc.php。Google了一把好像是试图暴力破解wp的密码。

果断删除xmlrpc.php并且屏蔽ip

iptables -I INPUT -s 188.209.52.55 -j DROP

补充:

单个IP的命令是

iptables -I INPUT -s 124.115.0.199 -j DROP

封IP段的命令是

iptables -I INPUT -s 124.115.0.0/16 -j DROP

iptables -I INPUT -s 124.115.3.0/16 -j DROP

iptables -I INPUT -s 124.115.4.0/16 -j DROP

封整个段的命令是

iptables -I INPUT -s 124.115.0.0/8 -j DROP

封几个段的命令是

iptables -I INPUT -s 61.37.80.0/24 -j DROP

iptables -I INPUT -s 61.37.81.0/24 -j DROP

参考:

http://blog.51yip.com/linux/1404.html

http://www.mikevanwinkle.com/block-a-hacker-post-attack-on-wordpress-xmlrpc-php/

随机日志

3 Responses to “博客被xmlrpc.php DDOS攻击”

  1. 兄弟,我的站make-money.org 已经修改为搞网赚,域名改为gaowz.com,请修改下链接,谢谢。。

  2. 现在的人真是无下限啊

Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Protected by WP Anti Spam
© 2009 - 2024 冰河的博客