Control Web Panel

Security => CSF Firewall => Topic started by: nuffsaid on January 14, 2020, 11:18:56 AM

Title: xmlrpc and wp-login attacks
Post by: nuffsaid on January 14, 2020, 11:18:56 AM: Ahoy

I'm getting a log of attacks mainly on the wordpress xmlrpc and wp-login.php files.

Is they a way to configure CSF to auto block these request as soon as they happen?

Some of these are now overloading the server.
Title: Re: xmlrpc and wp-login attacks
Post by: ejsolutions on January 14, 2020, 01:55:12 PM: Short answer, yes.
You need a custom regex for CSF - I haven't had the time to fully research this and don't know the syntax enough.
Wordfence helps a bit but doesn't stop the idiots trying. ;)
(You could also setup a honeypot and block them that way)

Untested:
https://www.knownhost.com/wiki/security/csf-lfd/configure-wordpress-using-regex
Might be better:
https://forum.configserver.com/viewtopic.php?t=9447

SMF 2.0.6 | SMF © 2013, Simple Machines