Created
May 20, 2024 22:52
-
-
Save stefanpejcic/092902b38e428967df260aab10e2cea1 to your computer and use it in GitHub Desktop.
Disable access to xmprpc.php for all domains in Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Threshold for the number of xmlrpc processes indicating an attack | |
THRESHOLD=50 | |
# Path to the custom Nginx configuration include file | |
NGINX_CONF="/etc/nginx/conf.d/custom_code_for_all_domains.conf" | |
# Function to log the change | |
log_change() { | |
echo "$(date): Nginx configuration updated to block xmlrpc.php due to high number of xmlrpc processes" >> /var/log/nginx_xmlrpc_block.log | |
} | |
# Check the number of xmlrpc processes running | |
NUM_PROCESSES=$(ps aux | grep -v grep | grep -c xmlrpc) | |
if (( NUM_PROCESSES > THRESHOLD )); then | |
echo "Server under attack, number of xmlrpc processes: $NUM_PROCESSES" | |
# Create or update the Nginx configuration to block xmlrpc.php | |
cat <<EOL > $NGINX_CONF | |
server { | |
location = /xmlrpc.php { | |
return 301 http://127.0.0.1/; | |
} | |
} | |
EOL | |
# Test the Nginx configuration | |
nginx -t | |
if [ $? -eq 0 ]; then | |
# Reload Nginx to apply the changes | |
systemctl reload nginx | |
# Log the change | |
log_change | |
else | |
echo "Nginx configuration test failed. Changes not applied." | |
fi | |
else | |
echo "Server not under attack, number of xmlrpc processes: $NUM_PROCESSES" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment