內容簡介
此外掛會紀錄所有失敗的連線嘗試(暴力攻擊)與無效的 pingbacks 請求(透過 xmlrpc.php)。非常有用以透過 fail2ban 處理資料。您可以為每個 pingback 請求功能啟用紀錄,並使用紀錄停止使用者列舉方式(透過重新導向回首頁)。啟用後,此外掛會移除您網站 head 區段中的 WordPress 版本號碼和 meta generator。啟用時,此外掛會停用需要驗證的 xmlrpc 方法,以避免 xmlrpc 的暴力攻擊。如果您不需要這些 xmlrpc 方法,可以使用此功能。啟用後,此外掛可在單一 xmlrpc 呼叫中殺死多個請求,並在 xmlrpc 登入錯誤時返回 401 代碼。此功能可用於避免 xmlrpc 的暴力攻擊造成伺服器過載。您也可以在管理員面板中查看自訂的錯誤記錄。
您可以使用以下方式將錯誤記錄寫入
SYSLOG
APACHE ERROR_LOG
自訂錯誤記錄檔案(使用的路徑需要有寫入權限,否則會使用 APACHE ERROR LOG)
紀錄範例
SYSLOG
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
APACHE
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`, referer: SITE_ADDRESS/wp-login.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
自訂
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
fail2ban 設定
請參考 FAQ 部分
紀錄檢視器
紀錄檢視器僅在自訂模式中提供。注意:錯誤記錄檔案必須存在且路徑正確。
語言本地化
English (default) &#
外掛標籤
開發者團隊
② 後台搜尋「Authentication and xmlrpc log writer」→ 直接安裝(推薦)
原文外掛簡介
This plugin writes the log of failed access attempts (brute force attack) and invalids pingbacks requests ( by xmlrpc.php ). Very useful to process data via fail2ban.
You can activate the log for each pingback request feature and stop the user enumeration method (by redirecting to the home) with log.
If activated it remove the wordpress version number and meta generator in the head section of your site.
If activated it disable xmlrpc methods that require authentication, in order to avoid brute force attack by xmlrpc. Use this feature if you don’t need these xmlrpc methods.
If activated can kill multiple requests in a single xmlrpc call returning a 401 code on xmlrpc login error. This feature may be useful to prevent server overloading on brute force attack by xmlrpc.
You can also view your CUSTOM error log in the admin panel.
You can write error by
SYSLOG
APACHE ERROR_LOG
CUSTOM a custom error log file (the used path need to be writable or APACHE ERROR LOG wil be used)
Log examples
SYSLOG
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
APACHE
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`, referer: SITE_ADDRESS/wp-login.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php
[Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
CUSTOM
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
[Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`
fail2ban configuration
See the FAQ section
Log viewer
Log viewer is available only in CUSTOM mode. Note: the log path and the file must exist.
Localization
English (default) – always included
Italian – since 1.1.3 version
Translations
English – default, always included
Italiano – disponibile dalla versione 1.1.3
Note: Feel free to translate this plugin in your language. This is very important for all users worldwide. So please contribute your language to the plugin to make it even more useful. For translating I recommend the “Poedit Editor”.
