fail2ban WordPress XMLRPC spammers

Poor SEO scripts kept spamming my wordpress install (via xmlrpc.php) and pegging my CPU. I got annoyed, so now they get banned.

The configuration in jail.conf:


[apache-xmlrpc]

enabled = true
port = http,https
filter = apache-xmlrpc
action = iptables[name=http, port=http, protocol=tcp]
logpath = /var/log/httpd/access_log
maxretry = 5

And the filter in filter.d/apache-xmlrpc.conf:


# Fail2Ban for xmlrpc.php spam
[Definition]
failregex = ^<HOST> - .*"POST /xmlrpc.php.*HTTP.*$
ignoreregex =

This entry was posted in uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published.