Skip to content
Advertisement

How to block unexpected request from multiple ip address in linux server?

I am getting some unexpected request from multiple ip address at a time from last few day. I installed a wordpress site on my server and they people hitting on my wp-login.php page, In log file I saw something like…

Blo [05/Jun/2015:06:19:14 +0200] “POST /wp-login.php HTTP/1.0” 503 2966 “-” “hjelp.tips-info.com” “-“

Then I the change the permission of this file. But I still getting some message in error log file. They people still sending some post request on that file(wp-login.php) and it returned 404 error. Is there something worried? I don’t know.

Is my server getting slow for processing those bad request? this request come from multiple ip address, so I can’t block those ip.

Advertisement

Answer

For php, there’s one quick solution I have. Try to put IP range or specific IP to block.

Not tested but it will work I feel. You might need to make alterations as well for your suitable requirements.

public static function isIpInRange($ip,$rangeArray){
    foreach ($rangeArray as $ipOrRange) {
        if(is_array($ipOrRange)){
            //If $ipOrRange is array then it must be range where 0th element is min range and 1st element is max range
            $min = ip2long($ipOrRange[0]);
            $max = ip2long($ipOrRange[1]);
            if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)){
                return true;
            }
        }elseif($ip==$ipOrRange){
            return true;
        }
    }
    return false;
}

Hope that helps!!

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement