Skip to main content

Website Flood and with Wordpress PingBack

Comments

4 comments

  • fuzzylogic
    To prevent ConfigServer LFD from adding these IPs to the Firewall deny list you must stop Modsecurity from writing 40* errors in the Apache error_log for these rules. To do this is easy. You only have to edit your rules from using "log" to using "nolog". Three of your rules have broken syntax. (there is no &; syntax. use the Ampersand special operator to count) ----- id:'13006' SecRule &;REQUEST_HEADERS:User-Agent "^$" should be... SecRule REQUEST_HEADERS:User-Agent "^$" It checks for an empty value in the User-Agent: header using the default rx operator (regular expression) ----- id:'13009' SecRule &;REQUEST_HEADERS:User-Agent "@eq " \ should be... SecRule REQUEST_HEADERS:User-Agent "@streq ''" \ It checks for an empty value in the User-Agent: header using the streq operator (string equal) ----- id:'13019' SecRule &;REQUEST_HEADERS:User-Agent "@eq 0" \ should be... SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \ It counts the number of User-Agent: headers then uses the eq operator (numerical equal) to see if there are 0 User-Agent: headers
    0
  • Bidi
    @fuzzylogic thank you. Dose anyone alse know any more mod_sec rules for this problem ?
    0
  • cPanelLauren
    Hi @Bidi I don't know any specifically but I have heard the articles here are helpful for a lot of people: WordPress XML-RPC PingBack Vulnerability Analysis Blocking wordpress pingback with mod_security and fail2ban Thanks!
    0
  • Bidi
    Hy, back again now with another problem. Anyone know how can i block this ? With mod_sec ? some rule for size 0 ?
    0

Please sign in to leave a comment.