@alisspers
Last active December 21, 2015 13:59
Code for .htaccess to block the botnets' brute-force attack against WordPress sites and wp-login.php
# Prevents the botnet attack from being able to make login attempts.
# See: http://www.warriorforum.com/main-internet-marketing-discussion-forum/789591-how-botnet-attack-looks-like-what-you-can-do-about.html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_USER_AGENT} Mozilla/5\.0\ \(Windows\ NT\ 6\.1;\ rv\:19\.0\)\ Gecko/20100101\ Firefox/19\.0 [NC]
RewriteCond %{REQUEST_URI} wp-login\.php
RewriteRule .* - [F]
</IfModule>
113.165.233.152 - - [22/Aug/2013:17:36:21 +0200] "POST /wp-login.php HTTP/1.0" 200 4158 "[…domän…]/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
@alisspers

The access.log file shows an example of what the attackers' POST requests to wp-login.php looked like
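
To check what the rule covers, the following added example (not part of the gist) applies the same three conditions to access-log lines in Apache combined format and counts which login POSTs the rule would reject and which would pass because their User-Agent differs. The sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# The User-Agent the .htaccess rule matches; [NC] there means case-insensitive.
BOT_UA_RE = re.compile(
    re.escape("Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"),
    re.IGNORECASE,
)

def classify(line):
    """Return (ip, verdict) for a POST to wp-login.php, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path = m["uri"].split("?", 1)[0]  # REQUEST_URI excludes the query string
    if "POST" not in m["method"] or "wp-login.php" not in path:
        return None
    return m["ip"], ("blocked" if BOT_UA_RE.search(m["ua"]) else "not_blocked")

def summarize(lines):
    """Count login POSTs per (ip, verdict)."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts[result] += 1
    return counts

# Constructed sample lines (documentation IP ranges, example.com); not real traffic.
UA_BOT = "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
UA_OTHER = "Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0"
SAMPLE = [
    f'203.0.113.10 - - [22/Aug/2013:17:36:21 +0200] "POST /wp-login.php HTTP/1.0" 200 4158 "http://example.com/wp-login.php" "{UA_BOT}"',
    f'203.0.113.10 - - [22/Aug/2013:17:36:22 +0200] "POST /wp-login.php HTTP/1.0" 200 4158 "http://example.com/wp-login.php" "{UA_BOT}"',
    f'198.51.100.7 - - [22/Aug/2013:17:36:25 +0200] "POST /wp-login.php HTTP/1.1" 200 4158 "http://example.com/wp-login.php" "{UA_OTHER}"',
    f'203.0.113.10 - - [22/Aug/2013:17:36:30 +0200] "GET /wp-login.php HTTP/1.0" 200 2901 "-" "{UA_BOT}"',
    f'192.0.2.55 - - [22/Aug/2013:17:36:31 +0200] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "{UA_BOT}"',
]

if __name__ == "__main__":
    for (ip, verdict), n in sorted(summarize(SAMPLE).items()):
        print(f"{ip:15} {verdict:12} {n}")
```

Entries counted as `not_blocked` are login POSTs that the User-Agent condition lets through, so a rising count there indicates traffic the rule no longer covers.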
