Monday, July 28, 2014

iptables - Bots hitting xmlrpc.php and causing high load on the server

Recently we have been getting a lot of hits to WordPress xmlrpc.php, which in the end causes high load on the servers.

We tried rewriting all xmlrpc.php requests to 127.0.0.1, but it didn't help much, since Apache was still handling the connections.
In the end we blocked this kind of connection using:




iptables -I INPUT 1 -p tcp --dport 80 -m string --string "xmlrpc.php" --algo bm -j DROP



Unfortunately, all of this is causing problems with plugins that use xmlrpc.php, like Jetpack etc.



Has anyone had experience with this kind of problem and have some suggestions on how to handle this?



Edit:
Is it possible to add an additional rule which would allow access from the WordPress IP range? What would that rule look like, since the blocking rule is using a string match?
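
One way to express the allow rule asked about in the edit, as an added example that is not part of the original post: do the string match once, jump to a dedicated chain, and exempt allowlisted sources there before dropping the rest. The chain name XMLRPC and the sample range are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands that keep the
# page's string-match block but exempt an allowlist of source ranges.
# Chain name XMLRPC and the CIDRs passed in are assumptions.

MATCH='-p tcp --dport 80 -m string --string "xmlrpc.php" --algo bm'

# is_cidr ADDR -> 0 if ADDR looks like an IPv4 address or IPv4/prefix
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# xmlrpc_rules CIDR... -> prints the rule set; returns 1 on a bad CIDR
xmlrpc_rules() {
    # Validate everything first so no partial rule set is printed.
    for cidr in "$@"; do
        is_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    echo "iptables -N XMLRPC"
    # Allowlisted sources RETURN to INPUT, so later INPUT rules still apply.
    for cidr in "$@"; do
        echo "iptables -A XMLRPC -s $cidr -j RETURN"
    done
    # Every other packet that matched the string is dropped.
    echo "iptables -A XMLRPC -j DROP"
    # Hook the chain in first, using the same match as the original rule.
    echo "iptables -I INPUT 1 $MATCH -j XMLRPC"
}

# Constructed sample range (TEST-NET-2), not a real WordPress range.
xmlrpc_rules 198.51.100.0/24
```

Replace the sample range with the ranges published by the service that needs access. The match only sees plaintext HTTP on port 80, so requests over HTTPS are neither blocked nor exempted by these rules.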
