Anti DDoS - WordPress Get Flood


iMer

So, this isn't exactly related to Metin2.

But within this day I had two separate attacks on two unrelated Metin2 Homepages.

People are using WordPress websites to relay requests.

access.log looks something like this:

173.236.144.96 - - [22/Feb/2014:00:57:34 +0100] "GET /?2554596=7542239 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.graphicdesignblender.com"
195.154.120.142 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.6.1; http://delicesetdecadence.blog.lemonde.fr"
8.14.117.89 - - [22/Feb/2014:00:57:34 +0100] "GET /?2852111=9681641 HTTP/1.0" 403 162 "-" "WordPress/3.7.1; http://www.garancedore.fr"
65.98.60.98 - - [22/Feb/2014:00:57:34 +0100] "GET /?8331124=3589667 HTTP/1.0" 403 162 "-" "WordPress/3.4.1; http://www.cpcstrategy.com/blog"
69.163.171.127 - - [22/Feb/2014:00:57:34 +0100] "GET /?8798433=9569671 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.bmeasure.com"
67.205.2.183 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://unconferenz.com"
109.168.123.104 - - [22/Feb/2014:00:57:34 +0100] "GET /?2400804=4166790 HTTP/1.0" 403 162 "-" "WordPress/3.5.1; http://www.cluster.eu"
97.74.144.211 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.4.2; http://thenewprosperity.org"
216.92.131.44 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8; http://www.triplepundit.com"
89.151.73.40 - - [22/Feb/2014:00:57:34 +0100] "GET /?9155553=5259788 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://es.blog.eu.playstation.com"

You can prevent them from overloading your server by simply blocking the WordPress useragent.

You do this on nginx via:

if ($http_user_agent ~* wordpress){
        return 403;
}

Google also pointed me to this, which has a tutorial for Apache.

iMer

Link to post
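
An added example, not part of iMer's post: a Python script that measures how much of an access log matches the pattern shown above (a `WordPress/<version>; <site>` user agent, often with a random numeric query string) before or after the block goes in. The sample log lines, IP addresses and domains are constructed, and all function and pattern names are hypothetical.

```python
import re
from collections import Counter

# Combined log format: ip, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# User agent shape seen in the flood: "WordPress/<version>; <url of relaying site>".
WP_UA_RE = re.compile(r'^WordPress/(?P<version>[\d.]+); (?P<site>\S+)$', re.IGNORECASE)
# Random numeric query strings such as "/?2554596=7542239".
RANDOM_QS_RE = re.compile(r'^/\?\d+=\d+$')

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Feb/2014:00:57:34 +0100] "GET /?1111111=2222222 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://blog-a.example"
198.51.100.7 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.6.1; http://blog-b.example"
192.0.2.10 - - [22/Feb/2014:00:57:35 +0100] "GET /?3333333=4444444 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://blog-a.example"
203.0.113.5 - - [22/Feb/2014:00:57:35 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is not a valid log entry
"""

def summarize(lines):
    """Count requests relayed through WordPress sites, per relaying site and source IP."""
    stats = {"total": 0, "relayed": 0, "random_qs": 0, "unparsed": 0,
             "sites": Counter(), "ips": Counter()}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            stats["unparsed"] += 1  # keep a count instead of failing on odd lines
            continue
        stats["total"] += 1
        ua = WP_UA_RE.match(m["ua"])
        if not ua:
            continue  # ordinary client, not part of the flood pattern
        stats["relayed"] += 1
        stats["sites"][ua["site"]] += 1
        stats["ips"][m["ip"]] += 1
        if RANDOM_QS_RE.match(m["path"]):
            stats["random_qs"] += 1
    return stats

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    print(f'{result["relayed"]}/{result["total"]} requests carry a WordPress user agent')
    for site, n in result["sites"].most_common():
        print(f"{n:5d}  {site}")
```

The anchored user-agent pattern here is narrower than the nginx rule, which matches `wordpress` case-insensitively anywhere in the header.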

I was getting this too, from stupid Lebanese kids at novametin2

They are going around attacking other servers lately.. would be nice to see their server get destroyed.. they were pestering me with attacks for 2 weeks till I got a Solar Comm. server.

Link to post
