• One of my customers is being told by her hosting company that she’s using too much CPU usage. Their recent email included this excerpt from their server logs. They manually blocked this IP address. Can you tell me why WordFence didn’t block it?

    Domlogs:
    =======
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    /opt/hosting/logs/domlogs/domainname.com:204.12.255.130 - - [26/Sep/2016:20:15:14 -0700] "POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"
    ======

    Also, back in March, this same issue arose with XMLRPC, and the hosting company added this to .htaccess, which I thought was supposed to prevent it from happening again:

    <IfModule mod_alias.c>
    Redirect 301 /xmlrpc.php https://127.0.0.1
    </IfModule>

    Any tips are welcome. We don’t understand why WordFence didn’t step in.

Viewing 1 replies (of 1 total)
  • My recommendation is to add this to the htaccess

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from YOUR_IP_ADDRESS
    </Files>

  • The topic ‘Excess CPU usage – WordFence not blocking IPs’ is closed to new replies.
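
A way to check what the log excerpt in the question shows, written here as an added example (not part of the original thread): it counts POSTs to xmlrpc.php per client IP per second in the log format quoted above and reports the status codes returned. A burst answered entirely with 301 by a Redirect rule like the one quoted is served by Apache without running PHP, which is where WordPress and its plugins execute. The sample lines, addresses, log path and function name are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Optional "logfile:" prefix (as in the host's excerpt), then Apache combined log format.
# IPv4 clients only, to keep the pattern short.
LINE_RE = re.compile(
    r'^(?:[^:\s]+:)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ '
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)
# Logs pasted through a web form often arrive with typographic quotes and dashes.
TYPO = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-"})


def xmlrpc_bursts(lines, threshold=10):
    """Return {(ip, second): {"hits": n, "statuses": {...}}} for POST bursts to xmlrpc.php."""
    hits = Counter()
    statuses = defaultdict(Counter)
    for raw in lines:
        m = LINE_RE.match(raw.translate(TYPO))
        if not m or m["method"] != "POST":
            continue
        # "//xmlrpc.php" and "/xmlrpc.php?x=1" are the same target once normalised.
        path = re.sub(r"/+", "/", m["path"].split("?", 1)[0])
        if path != "/xmlrpc.php":
            continue
        key = (m["ip"], m["ts"])  # the timestamp has one-second resolution
        hits[key] += 1
        statuses[key][m["status"]] += 1
    return {k: {"hits": n, "statuses": dict(statuses[k])}
            for k, n in hits.items() if n >= threshold}


# Constructed sample: 12 identical POSTs in one second, plus unrelated traffic.
SAMPLE = (
    ['/var/log/example/site.example:203.0.113.7 - - [26/Sep/2016:20:15:14 -0700] '
     '"POST //xmlrpc.php HTTP/1.1" 301 304 "-" "-"'] * 12
    + ['203.0.113.9 - - [26/Sep/2016:20:15:15 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
       '203.0.113.9 \u2013 \u2013 [26/Sep/2016:20:15:16 -0700] \u201cPOST /xmlrpc.php HTTP/1.1\u201d 200 370 \u201c-\u201d \u201c-\u201d']
)

if __name__ == "__main__":
    for (ip, second), info in xmlrpc_bursts(SAMPLE).items():
        print(ip, second, info["hits"], info["statuses"])
```

A status of 200 on these requests, rather than 301 or 403, would mean xmlrpc.php itself ran and the requests did reach PHP.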