{"id":80,"date":"2018-10-01T11:22:16","date_gmt":"2018-10-01T11:22:16","guid":{"rendered":"https:\/\/ubuntu.science\/?p=80"},"modified":"2022-04-03T22:20:05","modified_gmt":"2022-04-03T20:20:05","slug":"bloquear-xmlrpc-apache-dominios-ubuntu","status":"publish","type":"post","link":"https:\/\/rootfan.com\/es\/block-xmlrpc-apache-domains-ubuntu\/","title":{"rendered":"Bloquear xmlrpc.php en Apache para todos los dominios en Ubuntu"},"content":{"rendered":"

Estaba teniendo un consumo de CPU muy alto en mi servidor Ubuntu, y la mayor\u00eda de mis sitios web Apache estaban ca\u00eddos.<\/p>\n\n\n\n

Acabo de comprobar los registros de Apache en \/var\/log\/apache2<\/strong> y vi que hab\u00eda alguien haciendo un ataque xmlrpc a mis sitios WordPress.<\/p>\n\n\n\n

54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:19 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:27 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:54 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:00 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:30 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible: MSIE 7.0; Windows NT 6.0)\"<\/pre><\/pre>\n\n\n\n
La forma m\u00e1s r\u00e1pida de detenerlo ser\u00eda simplemente bloquear ese archivo en el servidor Apache.<\/p>\n\n\n\n\n\n\n\n
Editar este archivo \/etc\/apache2\/apache2.conf<\/strong><\/p>\n\n\n\n
Y a\u00f1ade estas l\u00edneas donde creas conveniente<\/p>\n\n\n\n
orden allow,deny\ndenegar desde todos\n;<\/pre><\/pre>\n\n\n\n
A continuaci\u00f3n, vuelva a cargar apache2 archivos de configuraci\u00f3n con:<\/p>\n\n\n\n
service apache2 reload<\/pre><\/pre>\n\n\n\n
Entonces todos los problemas arreglados, me refiero al alto consumo de CPU, pero usted no ser\u00e1 capaz de utilizar Jetpack para actualizar sus plugins.<\/p>\n\n\n\n
S\u00f3lo tiene que eliminar las 4 l\u00edneas anteriores de apache2.conf y volver a cargar el servidor apache para poder utilizar Jetpack de nuevo para actualizar los plugins.<\/p>\n\n\n\n
Una forma alternativa ser\u00eda bloquear la IP atacante con ufw por ejemplo o incluso mejor configurar fail2ban con ufw.<\/p>","protected":false},"excerpt":{"rendered":"
Estaba teniendo un consumo de CPU muy alto en mi servidor Ubuntu, y la mayor\u00eda de mis sitios web Apache estaban ca\u00eddos. Acabo de ir a revisar los logs de Apache en \/var\/log\/apache2 y he visto que hab\u00eda alguien haciendo un ataque xmlrpc a mis sitios WordPress. 54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 ... <\/p>\n
Seguir leyendo \"Bloquear xmlrpc.php en Apache para todos los Dominios en Ubuntu\"<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":2860,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_focus_keyword":"","rank_math_title":"","rank_math_description":"Learn how to block xmlrpc.php on Apache for all domains on Ubuntu to enhance security and protect against potential attacks.","rank_math_robots":null,"rank_math_og_title":"","rank_math_og_description":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11],"tags":[12,29,13],"class_list":["post-80","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apache","tag-apache","tag-ubuntu","tag-xmlrpc"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/rootfan.com\/wp-content\/uploads\/pexels-photo-3601425.jpeg?fit=1880%2C1253&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":3,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"predecessor-version":[{"id":2862,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/posts\/80\/revisions\/2862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/media\/2860"}],"wp:attachment":[{"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rootfan.com\/es\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}