
Anti DDoS - WordPress Get Flood



So, this isn't exactly related to Metin2.

But within this day I had two separate attacks on two unrelated Metin2 Homepages.

People are using WordPress websites to relay requests.

access.log looks something like this:

173.236.144.96 - - [22/Feb/2014:00:57:34 +0100] "GET /?2554596=7542239 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.graphicdesignblender.com"
195.154.120.142 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.6.1; http://delicesetdecadence.blog.lemonde.fr"
8.14.117.89 - - [22/Feb/2014:00:57:34 +0100] "GET /?2852111=9681641 HTTP/1.0" 403 162 "-" "WordPress/3.7.1; http://www.garancedore.fr"
65.98.60.98 - - [22/Feb/2014:00:57:34 +0100] "GET /?8331124=3589667 HTTP/1.0" 403 162 "-" "WordPress/3.4.1; http://www.cpcstrategy.com/blog"
69.163.171.127 - - [22/Feb/2014:00:57:34 +0100] "GET /?8798433=9569671 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://www.bmeasure.com"
67.205.2.183 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://unconferenz.com"
109.168.123.104 - - [22/Feb/2014:00:57:34 +0100] "GET /?2400804=4166790 HTTP/1.0" 403 162 "-" "WordPress/3.5.1; http://www.cluster.eu"
97.74.144.211 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.4.2; http://thenewprosperity.org"
216.92.131.44 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.8; http://www.triplepundit.com"
89.151.73.40 - - [22/Feb/2014:00:57:34 +0100] "GET /?9155553=5259788 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://es.blog.eu.playstation.com"

You can prevent them from overloading your server by simply blocking the WordPress useragent.

You do this on nginx via:

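# Goes inside the server { } block: reject any request whose
# User-Agent contains "wordpress" (~* is a case-insensitive match)
if ($http_user_agent ~* wordpress) {
        return 403;
}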

Google also pointed me to this, which has a tutorial for Apache.

iMer
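
Added example, not part of iMer's post: a small log summary to run before and after adding the User-Agent block, showing how much of the traffic carries the "WordPress/<version>; <site>" User-Agent and which sites relay the most. It assumes the combined access.log format shown above; the function name `summarize` is hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter

# nginx/Apache "combined" format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# User-Agent shape from the post: "WordPress/<version>; <site URL>"
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://\S+)$', re.I)
# Numeric key=value query on the root path, e.g. "/?2554596=7542239"
NUMERIC_QUERY_RE = re.compile(r'^/\?\d+=\d+$')

# Constructed sample lines (documentation IPs and .example hosts, not real traffic)
SAMPLE_LOG = '''\
192.0.2.10 - - [22/Feb/2014:00:57:34 +0100] "GET /?1111111=2222222 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://blog-a.example"
198.51.100.7 - - [22/Feb/2014:00:57:34 +0100] "GET / HTTP/1.0" 403 162 "-" "WordPress/3.6.1; http://blog-b.example"
203.0.113.5 - - [22/Feb/2014:00:57:34 +0100] "GET /?3333333=4444444 HTTP/1.0" 403 162 "-" "WordPress/3.7.1; http://blog-c.example/news"
192.0.2.10 - - [22/Feb/2014:00:57:35 +0100] "GET /?5555555=6666666 HTTP/1.0" 403 162 "-" "WordPress/3.8.1; http://blog-a.example"
192.0.2.99 - - [22/Feb/2014:00:57:35 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [22/Feb/2014:00:57:36 +0100] "GET /forum/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0 (Windows NT 6.1)"
'''

def summarize(log_text):
    """Count requests relayed by WordPress sites and name the busiest relays."""
    total = numeric_query = 0
    relays, per_second = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        total += 1
        ua = WP_UA_RE.match(m['ua'])
        if not ua:
            continue  # ordinary client, not counted as relayed traffic
        relays[ua['site']] += 1
        per_second[m['time']] += 1  # log timestamps have one-second resolution
        numeric_query += bool(NUMERIC_QUERY_RE.match(m['path']))
    return {
        'total_requests': total,
        'wordpress_requests': sum(relays.values()),
        'distinct_relays': len(relays),
        'numeric_query_requests': numeric_query,
        'peak_per_second': max(per_second.values(), default=0),
        'top_relays': relays.most_common(3),
    }

if __name__ == '__main__':
    for key, value in summarize(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

To use it on a real log, pass the file contents instead of `SAMPLE_LOG`, e.g. `summarize(open('access.log').read())`.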
