Client denied by server configuration
I noticed this tonight working on one of our servers which seemed to cause high diskio:
Seems it's an attack to plugins and wp-login.php for same domain. Who knows if this happens with other domain. But thats not my issue. My issue is how do I block it? Is there no setting to block it after certain amount? Any reason why mod security doesn't pickit up before? or is .htaccess rules before modsecurity?
[Wed Jun 10 21:44:07.454501 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:07.455714 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
[Wed Jun 10 21:44:07.844864 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:07.846160 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
[Wed Jun 10 21:44:08.234826 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:08.236149 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
[Wed Jun 10 21:44:08.625294 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:08.626347 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
[Wed Jun 10 21:44:09.017554 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:09.019254 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
[Wed Jun 10 21:44:09.410814 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
[Wed Jun 10 21:44:09.413479 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plug
Seems it's an attack to plugins and wp-login.php for same domain. Who knows if this happens with other domain. But thats not my issue. My issue is how do I block it? Is there no setting to block it after certain amount? Any reason why mod security doesn't pickit up before? or is .htaccess rules before modsecurity?
-
oops my mistake. Fixed it by adding the right conf file. 0
Please sign in to leave a comment.
Comments
2 comments