Need to block this ASAP



four0four
10-25-2010, 03:53 AM
In my log files, I've been receiving thousands of requests that look like the following:



"POST / HTTP/1.0" 200 18890 "-" "The Incutio XML-RPC PHP Library -- WordPress/3.0.1"


It's so bad that the shared server that I'm on crashed. :(

Can someone help me block these types of requests?

Thanks!

Fou-Lu
10-25-2010, 06:42 PM
Not sure this is actually a problem; according to this, some XML-RPC request from a WordPress has accessed the site and was provided with a valid result.
If you want, you can block the referrer if it's not specified or in this case is just a "-". See this link for information on that: http://www.javascriptkit.com/howto/htaccess14.shtml

four0four
10-26-2010, 02:01 AM
It crashed the shared server I was on, due to the thousands of POST requests.

So I need to block this, to prevent anything like that from happening again.

Instead of blocking the user agent, I came up with the following to block all POST requests to my website, yet allow all POST requests from within my website.



RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_HOST} !.*mydomain.com.*
RewriteRule ^.* - [F,L]


but it doesn't seem to work correctly. Any ideas?

Fou-Lu
10-26-2010, 06:49 PM
That looks right to me, not exactly sure why it won't work. Unless of course the accessing client is pretending its host is matching that domain.
Still don't think this will solve your problems; it will stop a page from being served, but it won't stop the connection itself. If this is getting to be a problem for your shared host, they should look at blocking the originating source addresses themselves.
I don't know what you are using, but if you are on WordPress I would assume that this is your WordPress talking with someone else. If this is the case, then just don't use WordPress.
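Added example, not part of the thread and not either poster's code: an .htaccess sketch of the two filters discussed above, one on the Referer and one on the user agent from the log line. It also notes why the posted HTTP_HOST condition does not fire. mydomain.com is the placeholder from the post, and mod_rewrite being enabled for the site is an assumption.

```apache
RewriteEngine On

# The rule as posted tests %{HTTP_HOST}. That variable is the Host header
# the client sent, which on a name-based virtual host is normally the
# site's own name for every request that reaches this .htaccess. The
# negated condition therefore does not separate outside requests from
# inside ones, and the rule does not fire:
#   RewriteCond %{HTTP_HOST} !.*mydomain.com.*

# Variant 1: refuse POSTs whose Referer is missing or is not this site.
# Dots are escaped and the pattern is anchored so that a host such as
# mydomain.com.example.net does not pass.
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|$) [NC]
RewriteRule ^ - [F]

# Variant 2: refuse POSTs carrying the user agent seen in the log line.
# Narrower than variant 1: other clients are left alone.
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP_USER_AGENT} "Incutio XML-RPC" [NC]
RewriteRule ^ - [F]
```

Referer and User-Agent are both supplied by the client, so these rules only stop clients that send them unmodified. Variant 1 also rejects legitimate POSTs that arrive without a Referer, such as those from XML-RPC clients.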


