countryroadgraphics
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <h4>Use at your own risk. Some of these commands remove data and/or terminate processes.</h4> | |
| <h1><b>Load | |
| </b></h1> | |
| <strong>WordPress attacks</strong> | |
| <code>egrep -c '(wp-comments-post.php|wp-login.php|xmlrpc.php)' /usr/local/apache/domlogs/* |grep -v "_log" |sort -t: -nr -k 2 |head -5 |tee /tmp/delete_check |cut -d'/' -f6; for domlog in $(cut -d':' -f1 /tmp/delete_check); do echo; echo $domlog; echo; echo wp-login.php :: $(grep -c wp-login.php $domlog); echo; grep wp-login.php $domlog | cut -d' ' -f1|egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |sort |uniq -c |sort -nr | head; echo; echo xmlrpc.php :: $(grep -c xmlrpc.php $domlog); echo; grep xmlrpc.php $domlog |cut -d' ' -f1 |egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |sort |uniq -c |sort -nr | head; echo; echo wp-comments-post.php :: $(grep -c wp-comments-post.php $domlog); echo; grep wp-comments-post.php $domlog |cut -d' ' -f1 |egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |sort |uniq -c |sort -nr | head; echo; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR},id:690010 | |
| <LocationMatch "/xmlrpc(\.php)?$"> | |
| SecAction phase:2,nolog,pass,deprecatevar:ip.count_a=1/20,id:690010 | |
| SecRule IP:COUNT_A "@gt 5" "phase:2,deny,status:403,log,msg:'WAF Rules : XMLRPC - Ratelimited to one call in 20 seconds',id:690012" | |
| SecRule RESPONSE_BODY "fault(Code|String)" "phase:4,pass,nolog,setvar:ip.count_a=+1,id:690013" | |
| </LocationMatch> |