Issue
How to change the time limits for the xmlrpc.php requests?
Environment
- Imunify360
Solution
Rule 33339 monitors WordPress XML-RPC access attempts.
By default, its configuration is:
"MOD_SEC_BLOCK_BY_CUSTOM_RULE": {
"33339": {
"check_period": 120,
"max_incidents": 10
}The
check_perioddefines the time window in seconds during which repeated incidents from the same IP are counted.The
max_incidentsdefines how many repeated ModSecurity incidents from the same IP are allowed within that time window before the IP is added to the Gray List.If you want to make it more sensitive, you may lower both values. For example:
imunify360-agent config update '{"MOD_SEC_BLOCK_BY_CUSTOM_RULE": {"33339": {"max_incidents": 5, "check_period": 60}}}'This makes the rule stricter by monitoring fewer incidents within a shorter window.
In addition, you can modify the CAPTCHA_DOS parameters to make the Captcha challenge more strict. You can decrease the max_count and increase the timeout – the attackers' IPs will be blocked quickly and for a longer period:
imunify360-agent config update '{"CAPTCHA_DOS": {"enabled": true, "max_count": 50, "time_frame": 21600, "timeout": 864000}}'With such approach custom thresholds can be applied to other Imunify360 monitoring ModSec rules. However, please keep in mind that setting these parameters with a significant difference may affect the valid users.
Useful links
- The description of the parameters is provided here: https://docs.imunify360.com/config_file_description/#config-file-description
- Instructions to apply changes:
https://docs.imunify360.com/config_file_description/#how-to-apply-changes-from-cli
Comments
0 comments
Please sign in to leave a comment.