I use ufw and fail2ban, and I’ve come across some behavior I don’t understand, and this leads me to think that something’s not configured correctly. I noticed a ton of POSTs from two IP addresses over and over again that I cannot identify. What’s weird, though, is even if I add them to ufw, they still show in other_vhosts_access.log. These addresses and attempts do not show in access.log, however.
Just to be clear, I added them using “insert” so that the deny statements are above the allow statements for ports 80 and 443. I even tried resetting the rules and starting over.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi John - If you are using NGinx, you should add the following declaration in your .conf file. As the comment states, it will eliminate your ability to use the WP app. But, XMLRPC attacks are pretty common.
Thwarts XMLRPC attacks, which will also remove your ability to control your blog with the smartphone app
location /xmlrpc.php { deny all; }
As for the firewall rules, note that firewall rules are processed in order. If your IP ban rule is last, other rules take precedence.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.