Block magento rss bruteforce attacks

Lately I’ve noticed increased scan activity for the /rss/ directory, access logs show something like this :


193.201.224.150 - Birdie [17/Jun/2016:02:16:01 -0500] "GET /rss/catalog/review/ HTTP/1.1" 403 135 "-" "-"
193.201.224.40 - senthil [17/Jun/2016:02:21:52 -0500] "GET /rss/catalog/notifystock/ HTTP/1.1" 403 135 "-" "-"

To block I’ve added to nginx configuration the following:


location ~* /rss/catalog/notifystock {
return 403;
}
location ~* /rss/catalog/review {
return 403;
}
location ~* /rss/order/new {
return 403;
}

The Bruteforce will persist even if the rss module is disabled from Magento.

Few resources:

Leave a Reply

Your email address will not be published. Required fields are marked *