ConfigServer Community Forum

Can CSF be setup to block a HTTP post attack? We are getting tons of these requests:

178.239.58.59 - - [08/Mar/2014:23:50:16 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 20531 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
93.174.93.102 - - [08/Mar/2014:23:50:16 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.64.177 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
94.102.51.10 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.64.177 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
93.174.93.102 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

we can block the IP's manually but would like CSF to detect these attacks and block the IP's that are repeatedly hammering the server...

thanks!

You can do what you want creating a REGEX rule that you can set in regex.custom.pm, check the read.me file for instructions.