IPSET and replacement of CSF
Briefly

"xmlrpc and wp-login are common attacks for WordPress installations; with CSF firewall we can block them."
"We used to define in LOG inside the log directory from which CSF will be able to search for wp-login.php and xmlrpc.php requests. Then we edit your /etc/csf/csf.conf like below: CUSTOM1_LOG = "/var/log/httpd/domains/*.log" How to manage IPSET for WordPress DDoS attacks?"
Create a dedicated ipset (hash:ip) to hold malicious IPs and add a single iptables rule that drops traffic matching that set. Populate the set automatically from CSF detections or from a log-parsing script that scans CUSTOM1_LOG for repeated wp-login.php and xmlrpc.php hits and adds offending IPs with a timeout. Persist the ipset across reboots with ipset save/restore or a systemd unit. Use sensible timeouts, thresholds, and whitelists to avoid blocking legitimate users. Optionally aggregate by CIDR or use GeoIP to block abusive regions. Monitor the set size and performance to avoid overloading rules.
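The log-parsing approach described above, as an added example (not code from the original page or from CSF): it counts wp-login.php and xmlrpc.php hits per client in Apache combined-format lines and builds input for `ipset -exist restore`. The set name wp_abuse, the threshold, the timeout, the whitelist ranges and the sample log lines are all assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

SET_NAME = "wp_abuse"   # assumed set name
THRESHOLD = 5           # assumed: hits in the scanned lines before blocking
TIMEOUT = 3600          # assumed: seconds an entry stays in the set
WHITELIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]
TARGETS = ("/wp-login.php", "/xmlrpc.php")
# Combined log format: client field first, request line in the first quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')

def offenders(lines, threshold=THRESHOLD):
    """Return sorted IPv4 addresses with >= threshold hits on TARGETS."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m.group(2).split("?", 1)[0].endswith(TARGETS):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage: never hand it to ipset
        if ip.version != 4 or any(ip in net for net in WHITELIST):
            continue  # hash:ip family inet holds IPv4 only; skip trusted ranges
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def restore_script(ips, set_name=SET_NAME, timeout=TIMEOUT):
    """Build input for `ipset -exist restore`, so re-runs refresh timeouts."""
    out = [f"create {set_name} hash:ip family inet timeout {timeout}"]
    out += [f"add {set_name} {ip} timeout {timeout}" for ip in ips]
    return "\n".join(out) + "\n"

def sample_line(ip, req):
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "{req} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = (
    [sample_line("203.0.113.7", "POST /wp-login.php")] * 6        # over threshold
    + [sample_line("203.0.113.9", "POST /xmlrpc.php")] * 3        # under threshold
    + [sample_line("198.51.100.20", "POST /wp-login.php")] * 9    # whitelisted
    + [sample_line("crawler.example.net", "POST /xmlrpc.php")] * 9  # not an IP
    + [sample_line("203.0.113.50", "GET /index.php")] * 9         # unrelated path
)

if __name__ == "__main__":
    # Matching rule, added once: iptables -I INPUT -m set --match-set wp_abuse src -j DROP
    print(restore_script(offenders(SAMPLE)), end="")
```

Validating the client field with `ipaddress` before it reaches an ipset command keeps hostnames and malformed log fields out of the firewall input, and the whitelist check runs before counting so trusted ranges never enter the set.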