WordPress XML-RPC BruteForce

Discussion in 'Tools' started by proexp, 18 Aug 2016.

  1. pas9x

    This is why you should always do this:

    nginx:
    Code:
    location ~ \/(wp-blog-header|wp-activate|wp-config|wp-config-sample|wp-links-opml|wp-load|wp-mail|wp-settings|wp-signup|wp-trackback|xmlrpc)\.php {
    deny all;
    }
    and for Apache:
    Code:
    <Files xmlrpc.php>
    deny from all
    </Files>
    Nobody has ever needed this xmlrpc, and it causes a hell of a lot of problems.

    You can also do this:
    Code:
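    location ~ \/(wp-includes|wp-admin|phpinfo\.php) {
        # Static assets are served without authentication. The trailing $ keeps
        # names such as file.js.php out of this block.
        location ~ \.(css|js|swf|png|gif|jpe?g|svg)$ {
        }
        # Everything else under these paths requires HTTP basic auth.
        location ~ .* {
            auth_basic "Zone 51";
            auth_basic_user_file /path/to/htpasswd;
            location ~ \.php$ {
                ...php config...
            }
        }
    }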
    
    and then your site will be totally unhackable.
     
    3Mind likes this.
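
A defender-side check for the situation this thread is about, as an added example that is not part of the original posts: it scans nginx access-log lines (combined log format assumed) for bursts of POSTs to xmlrpc.php per client and counts how many were answered with 403, the status nginx returns for `deny all`. The function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip - user [time] "METHOD uri PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample: one client bursts at xmlrpc.php; the deny rule starts answering at :04.
SAMPLE_LOG = [
    f'203.0.113.7 - - [18/Aug/2016:10:00:{s:02d} +0000] "POST /xmlrpc.php HTTP/1.1" '
    f'{200 if s < 4 else 403} 370 "-" "-"' for s in range(6)
] + [
    '198.51.100.20 - - [18/Aug/2016:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.20 - - [18/Aug/2016:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

def xmlrpc_hits(lines):
    """Yield (ip, time, status) for every POST whose path ends in /xmlrpc.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["uri"].split("?", 1)[0]          # ignore any query string
        if not path.endswith("/xmlrpc.php"):      # also covers WordPress in a subdirectory
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, int(m["status"])

def flag_clients(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"burst", "served", "denied"}} for clients whose POSTs to
    xmlrpc.php reach `threshold` inside any sliding `window`."""
    per_ip = defaultdict(list)
    for ip, ts, status in xmlrpc_hits(lines):
        per_ip[ip].append((ts, status))
    report = {}
    for ip, hits in per_ip.items():
        hits.sort()
        burst, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                        # shrink window from the left
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            denied = sum(1 for _, s in hits if s == 403)
            report[ip] = {"burst": burst, "served": len(hits) - denied, "denied": denied}
    return report
```

A non-zero "served" count for a flagged client means some of its requests reached xmlrpc.php before, or in spite of, the deny rule.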
  2. dastok

    ....
     
    #3 dastok, 7 Feb 2017
    Last edited: 21 Dec 2017