[wordpress插件] Authentication and xmlrpc log writer身份验证和xmlrpc日志编写器

wordpress 插件 文章 2020-02-23 09:40 477 0 全屏看文

AI助手支持GPT4.0

评分
100
描述

This plugin writes the log of failed access attempts (brute force attack) and invalids pingbacks requests ( by xmlrpc.php ).

此插件写入访问尝试失败(强力攻击)的日志,并使pingbacks请求无效(通过xmlrpc.php)。

Very useful to process data via fail2ban.

通过fail2ban处理数据非常有用。

You can activate the log for each pingback request feature and stop the user enumeration method (by redirecting to the home) with log.

您可以为每个pingback请求功能激活日志,并通过日志停止用户枚举方法(通过重定向到主目录)。

If activated it remove the wordpress version number and meta generator in the head section of your site.

如果激活,则删除网站头部的wordpress版本号和meta生成器。

If activated it disable xmlrpc methods that require authentication, in order to avoid brute force attack by xmlrpc.

如果激活,它将禁用需要身份验证的xmlrpc方法,以避免xmlrpc的暴力攻击。

Use this feature if you don’t need these xmlrpc methods.

如果您不需要这些xmlrpc方法,请使用此功能。

If activated can kill multiple requests in a single xmlrpc call returning a 401 code on xmlrpc login error.

如果激活,则可以在单个xmlrpc调用中杀死多个请求,并返回关于xmlrpc登录错误的401代码。

This feature may be useful to prevent server overloading on brute force attack by xmlrpc.

此功能对于防止服务器因xmlrpc的强力攻击而过载是有用的。

You can also view your CUSTOM error log in the admin panel.

您还可以在管理面板中查看CUSTOM错误日志。

You can write error by

您可以通过以下方式写错误

    1. SYSLOG
    2. SYSLOG

    3. APACHE ERROR_LOG
    4. APACHE ERROR_LOG

    5. CUSTOM a custom error log file (the used path need to be writable or APACHE ERROR LOG wil be used)
    6. 自定义自定义错误日志文件(使用的路径必须可写,否则将使用APACHE ERROR LOG)

    Log examples

    日志示例

      • SYSLOG

        SYSLOG

        Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`

          12月17日14:21:02网络服务器wordpress(`SERVER_HTTP_HOST`)[2588]:来自[111.222.333.444]的[USED_LOGIN]的[WORDWORD_SITE_NAME`]身份验证失败

        Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        12月17日14:21:02网络服务器wordpress(`SERVER_HTTP_HOST`)[2588]:在[`WORDPRESS_SITE_NAME`]上从111.222.333.444生成了Pingback错误`IXR_ERROR_CODE`。

        Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        12月17日14:21:02网络服务器wordpress(`SERVER_HTTP_HOST`)[2588]:Pingback请求从“ 111.222.333.444”在[WORDWORD_SITE_NAME`]上生成的“ PINGBACK_URL”

        Dec 17 14:21:02 webserver wordpress(`SERVER_HTTP_HOST`)[2588]: User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        12月17日14:21:02网络服务器wordpress(`SERVER_HTTP_HOST`)[2588]:[111.222.333.444]在[`WORDPRESS_SITE_NAME`]上生成的用户枚举尝试

      • APACHE

        APACHE

        [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`]

          [2015年12月17日星期四14:23:33.662339] [:错误] [pid 2580:tid 140001350244096] [客户端111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`)[WORDWORD_SITE_NAME]上的身份验证失败

        for `USED_LOGIN` from `111.222.333.444`, referer: SITE_ADDRESS/wp-login.php

        对于来自`111.222.333.444`的`USED_LOGIN`,引用者:SITE_ADDRESS / wp-login.php

        [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `

        [Thu Dec 17 14:23:33.662339 2015] [:错误] [pid 2580:tid 140001350244096] [客户端111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`)Pingback错误`IXR_ERROR_CODE`在[`WORDPRESS_SITE_NAME`]上从`生成

        111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php

        111.222.333.444`,引荐网址:SITE_ADDRESS / xmlrpc.php

        [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from

        [Thu Dec 17 14:23:33.662339 2015] [:错误] [pid 2580:tid 140001350244096] [客户端111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`)Pingback请求从[WORDWORD_SITE_NAME`]上生成的PINGBACK_URL`

        `111.222.333.444`, referer: SITE_ADDRESS/xmlrpc.php

        `111.222.333.444`,引荐来源网址:SITE_ADDRESS / xmlrpc.php

        [Thu Dec 17 14:23:33.662339 2015] [:error] [pid 2580:tid 140001350244096] [client 111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.

        [Thu Dec 17 14:23:33.662339 2015] [:错误] [pid 2580:tid 140001350244096] [客户端111.222.333.444:52599] wordpress(`SERVER_HTTP_HOST`)用户枚举尝试是从111.222在[WORDPRESS_SITE_NAME`]上生成的。

        333.444`

        333.444`

      • CUSTOM

        自定义

        [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Authentication failure on [`WORDPRESS_SITE_NAME`] for `USED_LOGIN` from `111.222.333.444`

          [2015年12月17日星期四14:25:34.000000] wordpress(`SERVER_HTTP_HOST`)对来自`111.222.333.444`的`USED_LOGIN`的身份验证失败

        [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback error `IXR_ERROR_CODE` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        [2015年12月17日星期四14:25:34.000000] wordpress(`SERVER_HTTP_HOST`)Pingback错误`IXR_ERROR_CODE`在[`WORDPRESS_SITE_NAME`]上从`111.222.333.444`生成

        [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) Pingback requested for `PINGBACK_URL` generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        [2015年12月17日星期四14:25:34.000000] wordpress(`SERVER_HTTP_HOST`)Pingback请求从[111.222.333.444]在[WORDWORD_SITE_NAME`]上生成的PINGBACK_URL`。

        [Thu Dec 17 14:25:34.000000 2015] wordpress(`SERVER_HTTP_HOST`) User enumeration attempt generated on [`WORDPRESS_SITE_NAME`] from `111.222.333.444`

        [2015年12月17日星期四14:25:34.000000] wordpress(`SERVER_HTTP_HOST`)用户枚举尝试是从111.222.333.444在[`WORDPRESS_SITE_NAME`]上生成的。

      fail2ban configuration

      fail2ban配置

      See the FAQ section

      请参阅“常见问题解答”部分

      Log viewer

      日志查看器

      Log viewer is available only in CUSTOM mode.

      日志查看器仅在自定义模式下可用。

      Note: the log path and the file must exist.

      注意:日志路径和文件必须存在。

      Localization

      本地化

        • English (default) – always included
        • 英语(默认)–始终包含

        • Italian – since 1.1.3 version
        • 意大利语-自1.1.3版本起

        Translations

        翻译

          • English – default, always included
          • 英语-默认,始终包含

          • Italiano – disponibile dalla versione 1.1.3
          • Italiano –达拉斯版1.1.3版

          Note: Feel free to translate this plugin in your language.

          注意:随时用您的语言翻译此插件。

          This is very important for all users worldwide.

          这对于全球所有用户而言非常重要。

          So please contribute your language to the plugin to make it even more useful.

          因此,请为插件贡献您的语言以使其更加有用。

          For translating I recommend the “Poedit Editor”.

          对于翻译,我建议使用“ Poedit编辑器”

安装步骤

Minimum Requirements

最低要求

    • WordPress 3.5 or greater
    • WordPress 3.5或更高版本

    • PHP version 4 or greater
    • PHP版本4或更高版本

    Automatic installation

    自动安装

    Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser.

    自动安装是最简单的选项,因为WordPress会自行处理文件传输,因此您无需离开网络浏览器。

    To do an automatic install of “authentication and xmlrpc log writer”, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.

    要自动安装“身份验证和xmlrpc日志编写器”,请登录WordPress仪表板,导航至“插件”菜单,然后单击“添加”。

    In the search field type “authentication and xmlrpc log writer” and click Search Plugins.

    在搜索字段中输入“ authentication and xmlrpc log writer”,然后单击“搜索插件”。

    Once you’ve found our plugin you can view details about it such as the the point release, rating and description.

    找到我们的插件后,您可以查看有关它的详细信息,例如积分发行,评分和说明。

    Most importantly of course, you can install it by simply clicking “Install Now”.

    当然,最重要的是,您只需单击“立即安装”即可安装它。

    Manual installation

    手动安装

      1. Upload authentication-and-xmlrpc-log-writer.php to the /wp-content/plugins/ directory or install via zip
      2. authentication-and-xmlrpc-log-writer.php 上载到 / wp-content / plugins / 目录或通过zip安装

      3. Activate the plugin through the ‘Plugins’ menu in WordPress
      4. 通过WordPress中的“插件”菜单激活插件

下载地址
https://downloads.wordpress.org/plugin/authentication-and-xmlrpc-log-writer.1.2.2.zip
-EOF-

AI助手支持GPT4.0