Real Problem, Real Solution, Really Fast
From feature request to solution delivery in less than an hour

LiteSpeed Fast

Recently, there have been a number of large-scale brute-force attacks on WordPress sites. These attacks try to bypass WordPress security by attempting to log in with every possible combination of username and password, sometimes sending thousands of requests per second.

Since these attacks began, one of our clients had all 50 of his hosted WordPress sites simultaneously attacked. He was able to mitigate these attacks using LiteSpeed’s mod_security rules, but wanted a way to easily and automatically block these IPs at the server level.

We responded within an hour – modifying our code and publishing a new build that allowed the client to add offending IP addresses to the blocked IP list using mod_security rules. These IPs can then be easily grabbed from the blocked IP list and added to the server level firewall using a script – stopping the connection at the network level before it ever reaches LiteSpeed Web Server.

That’s the kind of speed you can expect from LiteSpeed!

Tags: , , , ,

2 Responses to “Real Problem, Real Solution, Really Fast
From feature request to solution delivery in less than an hour

  1. Guillermo says:

    Hi,

    Congratulations!
    This is fantastic how fast you go!

    In this case. Can you give us more information on the mod_security rules and blocklist.
    Because we have the same problems and we like to expand the security part for our wordpress customers.

    Also when when we can expect the “new” Version with full mod_security support?
    So that we can use the full protection for open worpdress holes. Also the posibility to scan a php file on POST or upload if there are some Backdoors inside? Eg. with clamav.

    Thank you

    Guillermo Kunst
    Happy Customer of Litespeed.

    • Michael Alegre says:

      Hello Guillermo,

      Sorry about the long response time, things have been very busy in this new year!

      In order to use mod_security rules with your blacklist you must first force update to the latest LSWS 5.0.10 build. After this you can now add any IP to your blacklist by changing the rule action to “drop”. For example:

      SecRule ip:bf_block "@gt 0" "deny,status:401,log,...

      would become something like

      SecRule ip:bf_block "@gt 0" "drop,log,...

      As for full mod_security support, we should accomplish this with our upcoming LSWS 5.1 release which will include support for the highly requested @rbl and @inspectfile operators.

      Regards,
      Michael

Leave a Reply