Skip to main content

XMLRPC Spam

Comments

6 comments

  • cPanelMichael
    Hello @dstana, I recommend reviewing the following threads for additional methods you can use to prevent these types of attacks: Thank you.
    0
  • dstana
    I've read those threads, I'm confused why what I've done isn't enough for XMLRPC only?
    0
  • cPanelMichael
    Hello @dstana, Can you post the specific output you see in the Apache full status page, or the output to /usr/local/apache/logs/error_log when the requests make it through? Also, have you confirmed the requests are succeeding and that you're not simply seeing the rejected requests in the output? Thank you.
    0
  • dalem
    even though you are blocking it the requests will still be made sites with no WP install can even get flooded add the rule below to mod security and set csf to ban mod security hits works for us this gets 99% of them as they are just bots #Block requests to xmlrpc.php with no referring URL SecRule REQUEST_METHOD "POST" "deny,status:401,id:5000900,chain,msg:'xmlrpc request blocked, no referer'" SecRule &HTTP_REFERER "@eq 0" "chain" SecRule REQUEST_URI "xmlrpc.php"
    0
  • Sistemas Grupodistri
    present the same inconvenience when sending HTML files is there any solution in the configuration of the cpanel to allow these emails to come out and not generate the same problem? Thank you Problem SMTP error from remote mail server after end of data: 552 5.2.0 r3OZgBVlYRlCF :: ded :: Message rejected for spam or virus content :: Please include this entire message when contacting support :: [removed body contents]
    0
  • cPanelMichael
    Hello @Sistemas Grupodistri, Can you share some more information about how this relates to this thread's original post? Have you attempted to block the activity using Mod_Security or custom firewall rules? Thank you.
    0

Please sign in to leave a comment.