Hi,
I've noticed XMLRPC is becoming a common method taking down retros on IIS - with particularly ENGLISH habbo retros. It sucks that there are such foolish minds in this scene and was wondering if anyone generous can post a fix on this thread for the greater community.
Thank you
I have also seen this attack method increase massively in the past few weeks, the following fix has not been tested as I use NGINX.
Add this to your web.config:
If that doesn't work try this too and let me know what one works.Code:<rule name="RequestBlockingRule1" stopProcessing="true"> <match url=".*" /> <conditions> <add input="{HTTP_USER_AGENT}" pattern="WordPress" /> </conditions> <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this page." /> </rule>
Let me know if this works, just quickly searched this.Code:<rule name="Imported Rule 1" stopProcessing="true"> <match url="." ignoreCase="false" /> <conditions logicalGrouping="MatchAll"> <add input="{HTTP_USER_AGENT}" pattern="WordPress" ignoreCase="false" /> </conditions> <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" /> </rule>
+ I will be getting a free CDN online shortly which will block this by default.
That method won't help block the XML-RPC attack as there are only some ways through IIS. Also, IIS can be attacked with other methods rather than XML-RPC.Originally Posted by Lewislol
Last edited by R4lph; 13-08-14 at 03:48 PM.
Never heard of that method as I'm not into DDoSsing other people / hacking other people.
Lets see what I can learn from it and might come up with a solution.
---
Edit:
Could you post some logs or anything that might be related?
Last edited by The General; 13-08-14 at 01:39 PM.
GHP - HTTP Get - HTTP Head - HTTP Post -- XMLRPC can be patched in IIS, but GHP can also take down your site, so you'll need to limit the connections or requests, such as weblimits or http limit.
Reply With Quote