Looking for a JavaEE Architect or Potential Tech Co-Founder?
Please don't hesitate to contact me.

How to handle an xmlrcp wordpress attack on nginx server

I'm not really a system administrator and these steps are just based on my personal experience in securing our own wordpress websites.

Lately there has been a lot of attacks on wordpress sites (since it's a popular framework) specially on windows machine. So we decided to migrate on a linux machine. Obviously got a lot of attacks still, one of the nasty one is a DoS (denial of service), and here's how we handled it:

  1. Install akismet plugin.
  2. Install wordfence plugin - this one is really good.
  3. If you know how to type commands on linux, run tail -f /var/log/nginx/access.log. This will should the most frequent request together with its IP take note of it and under WordFence->Blocked IPs, add it.
  4. Install and configure ip tables. 
  5. Block the ip in ip tables (INPUT section):
    sudo iptables -A INPUT -s [IP ADDRESS] -j DROP
    //or insert as a first rule
    sudo iptables -I INPUT 1 -s [IP ADDRESS] -j DROP
    //check if configured correctly
    sudo iptables -L --line-numbers
    //to remove a rule
    iptables -D INPUT [line-number]
  6. Configure nginx.conf to block xmlrpc request (make sure that you are not using it). Normally you don't. Create nginx.conf in your webroot with the following contents:
    # nginx configuration
    location /xmlrpc.php {
    deny all;
    Here's an htaccess to nginx converter, just in case you need: http://winginx.com/en/htaccess.
  7. Setup fail2ban. Google on how-to. Here's my favorite: https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04.
How to handle an xmlrcp wordpress attack on nginx server How to handle an xmlrcp wordpress attack on nginx server Reviewed by Edward Legaspi on Monday, November 02, 2015 Rating: 5

No comments:

Powered by Blogger.