I have a wordpress site. recently under a serious ddos attack in wp-login.php
. I have renamed wp-login.php
to a new mysitename-login.php
. and creat a new empty file with name wp-login.php
. I have joined cloudflare, still received attack log in access_log
. I have tried mod_evasive
, but it will kill googlebot
Now I am manully add them into my .htaccess
like
<Limit GET POST>
order allow,deny
deny from 108.162.253.180
deny from 173.245.48.134
deny from 173.245.49.187
deny from 173.245.51.180
deny from 173.245.54.66
deny from 108.162.219.
deny from 109.239.235.
allow from all
</Limit>
And I have an idea to create the .htaccess
dynamic.
in current wp-login.php
$ip=$_SERVER['REMOTE_ADDR'];
// INSERT INTO ip_table (ip) values ($ip);
// ip is unique index
$html='<Limit GET POST>/n/r'
$html.=//select * from ip_table loop all
$html.='allow from all/n/r</Limit>';
$html.=<<<TXT
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
TXT;
file_put_content($html,'/var/www/html/.htaccess');
But I am afraid, if there have some problem during the file_put_content, the .htaccess
is broken, my site will be broken too...
Any better way, to create a blacklist by using the robot access wp_login.php
and no risk to be broken site?
Thanks.
Instead of creating a Blacklist, why not make a Whitelist? This wouldn't work if you allow all users to login to Wordpress, for example if you're using a membership plugin, but if only you and a few select Admins login, then just get everyone's IP address and add those to your .htaccess file like this:
## Prevent anyone not on my ip whitelist from accessing wp admin
RewriteCond %{REQUEST_URI} ^(/wp-admin|/wp-login.php).*$
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteCond %{REMOTE_ADDR} !=222.222.222.222
RewriteCond %{REMOTE_ADDR} !=333.333.333.333
RewriteRule ^.*$ / [R=301,L]
What about using mod_evasive for Apache? This way you can easily block all IPs that try to connect to the certain URL very often in a short period of time.
You could block all IPs that will try to connect to your fake login page as well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.