
okay how do I block HTTP POST from IPs either in a DNSBL (preferably) or a geoip blacklist on shared hosting... would even take a solution that watches logs and updates a firewall, but I don't think fail2ban will run as a cron job.

@deutrino What webserver / app engine are you running?

If the traffic's TLS/SSL you won't be able to inspect packets at a firewall level, so you're going to have to rely on the web engine itself.

@dredmorbius I should probably actually figure out at this point whether it's Apache or Litespeed serving this PHP (Wordpress) site. I don't trust what support or documentation says on this host.

What I'd really like to do is block HTTP[S] POST from IPs in a blacklist with similar breadth to abuseat.org/ - though it doesn't need to be a DNSBL. It just needs to catch most of the IPs trying to brute force the site.

@deutrino So, WP-specific tools are another possibility to look at. I'm not familiar with those.

@dredmorbius I couldn't actually find anything in the plugin ecosystem that blocks *logins* with a 3rd-party blacklist... it'd probably be simple to write....... but I'm not gonna get paid to do that. -_-

So I was looking for another way.

@dredmorbius It's LiteSpeed + PHP btw. I'm not rly familiar with it but it apparently supports htaccess files.

@dredmorbius I found some alternatives... a lightweight Wordpress plugin[1] and also upon digging found that the brute force attack requests are all from the same bogus User-Agent. If one doesn't work, the other will, for this particular incursion.

1. wordpress.org/plugins/block-ba
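
An added example, not part of the thread above: a Python sketch of the log check the last post describes, confirming that login POSTs share one User-Agent before relying on a User-Agent block. The combined log format, the `/wp-login.php` path, the sample lines, the User-Agent strings and the thresholds are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up User-Agent strings).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4210 "-" "ExampleBot/0.1 (constructed)"
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4210 "-" "ExampleBot/0.1 (constructed)"
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4210 "-" "ExampleBot/0.1 (constructed)"
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-login.php?x=1 HTTP/1.1" 200 4210 "-" "ExampleBot/0.1 (constructed)"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4210 "-" "ExampleBot/0.1 (constructed)"
192.0.2.200 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3900 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
192.0.2.200 - - [01/Jan/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
192.0.2.200 - - [01/Jan/2024:10:01:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
"""

def login_post_summary(log_text, path="/wp-login.php"):
    """Count POSTs to the login path per User-Agent and collect their source IPs."""
    hits = Counter()
    ips = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a POST
        if m["path"].split("?", 1)[0] != path:
            continue  # ignore query strings when comparing the path
        hits[m["ua"]] += 1
        ips[m["ua"]].add(m["ip"])
    return hits, ips

def shared_user_agent(log_text, min_share=0.8, min_ips=2):
    """Return the User-Agent behind at least min_share of login POSTs and seen
    from min_ips or more addresses; None when no single string dominates."""
    hits, ips = login_post_summary(log_text)
    total = sum(hits.values())
    if total == 0:
        return None
    ua, count = hits.most_common(1)[0]
    if count / total >= min_share and len(ips[ua]) >= min_ips:
        return ua
    return None

if __name__ == "__main__":
    print(shared_user_agent(SAMPLE_LOG))
```

The `min_ips` check keeps a single administrator's repeated logins from being mistaken for the shared string; before blocking, also confirm that no legitimate login POST in the log carries the same User-Agent.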
