{"id":80,"date":"2018-10-01T11:22:16","date_gmt":"2018-10-01T11:22:16","guid":{"rendered":"https:\/\/ubuntu.science\/?p=80"},"modified":"2022-04-03T22:20:05","modified_gmt":"2022-04-03T20:20:05","slug":"bloquer-xmlrpc-apache-domaines-ubuntu","status":"publish","type":"post","link":"https:\/\/rootfan.com\/fr\/block-xmlrpc-apache-domains-ubuntu\/","title":{"rendered":"Bloquer xmlrpc.php sur Apache pour tous les domaines sur Ubuntu"},"content":{"rendered":"

J'avais une tr\u00e8s forte consommation de CPU sur mon serveur Ubuntu, et la plupart de mes sites web Apache \u00e9taient hors service.<\/p>\n\n\n\n

Je viens de v\u00e9rifier les journaux d'Apache sur \/var\/log\/apache2<\/strong> et j'ai vu que quelqu'un faisait une attaque xmlrpc sur mes sites WordPress.<\/p>\n\n\n\n

54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:19 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:27 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:54 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:28:00 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"\n54.38.157.178 - - [01\/Oct\/2018:11:27:30 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 \"-\" \"Mozilla\/4.0 (compatible : MSIE 7.0 ; Windows NT 6.0)\"<\/pre><\/pre>\n\n\n\n
Le moyen le plus rapide de l'arr\u00eater serait de bloquer ce fichier sur le serveur Apache.<\/p>\n\n\n\n\n\n\n\n
Modifier ce fichier \/etc\/apache2\/apache2.conf<\/strong><\/p>\n\n\n\n
Et ajoutez ces lignes l\u00e0 o\u00f9 vous le souhaitez<\/p>\n\n\n\n
ordre allow,deny\ndeny from all\n;<\/pre><\/pre>\n\n\n\n
Ensuite, rechargez les fichiers de configuration d'apache2 avec :<\/p>\n\n\n\n
service apache2 reload<\/pre><\/pre>\n\n\n\n
Alors tous les probl\u00e8mes seront r\u00e9solus, je veux dire la consommation \u00e9lev\u00e9e de CPU, mais vous ne pourrez pas utiliser Jetpack pour mettre \u00e0 jour vos plugins.<\/p>\n\n\n\n
Il suffit de supprimer les 4 lignes ci-dessus du fichier apache2.conf et de recharger le serveur apache pour pouvoir \u00e0 nouveau utiliser Jetpack pour mettre \u00e0 jour les plugins.<\/p>\n\n\n\n
Une autre solution serait de bloquer l'IP attaquante avec ufw par exemple ou mieux encore de configurer fail2ban avec ufw.<\/p>","protected":false},"excerpt":{"rendered":"
J'avais une tr\u00e8s forte consommation de CPU sur mon serveur Ubuntu, et la plupart de mes sites web Apache \u00e9taient hors service. Je suis all\u00e9 v\u00e9rifier les journaux Apache sur \/var\/log\/apache2 et j'ai vu que quelqu'un faisait une attaque xmlrpc sur mes sites WordPress. 54.38.157.178 - - [01\/Oct\/2018:11:28:18 +0200] \"POST \/xmlrpc.php HTTP\/1.0\" 500 556 ... <\/p>\n
Continuer la lecture de \" Bloquer xmlrpc.php sur Apache pour tous les domaines sur Ubuntu \"<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":2860,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_focus_keyword":"","rank_math_title":"","rank_math_description":"Learn how to block xmlrpc.php on Apache for all domains on Ubuntu to enhance security and protect against potential attacks.","rank_math_robots":null,"rank_math_og_title":"","rank_math_og_description":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11],"tags":[12,29,13],"class_list":["post-80","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apache","tag-apache","tag-ubuntu","tag-xmlrpc"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/rootfan.com\/wp-content\/uploads\/pexels-photo-3601425.jpeg?fit=1880%2C1253&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":3,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"predecessor-version":[{"id":2862,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/posts\/80\/revisions\/2862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/media\/2860"}],"wp:attachment":[{"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rootfan.com\/fr\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}