Simple tool for load-testing HTTP server

Today I came across a very simple tool for load-testing. It’s called AB and comes with Apache HTTP Server. The command line arguments are very simple:

    ab -n 10000 -c 10 http://your_web_site/url.html

Where -n is the number of successful requests and -c is the number of concurrent connections.

If you want to have more control over the URL you want to test, and much more, I recommend JMeter (also from Apache).

Source: http://serverfault.com/questions/2107/tools-for-load-testing-http-servers

Quick and dirty way to prevent XML-RPC Pingback Attacks

XML-RPC Pingback Attacks are really annoying. You often see lots of POST /xmlrpc.php requests from different IP addresses from time to time. Sometimes, the number of requests is big enough to crash a server (yes, my server is a tiny angel). But I can’t disable WordPress XML-RPC because I need that for Jetpack to work (post by email, how cool!).

Therefore, I figured out a quick and dirty way to prevent this by only allowing Jetpack IP addresses to call XML-RPC. These IPs are not made public by WordPress (I don’t know why) as they stated that:

“We aren’t able to provide any IP addresses for Jetpack as they fluctuate. You could try whitelisting *.wordpress.com for both inbound and outbound traffic, as a workaround.”

However, by looking at my server log, I see 2 potential IP address ranges. Quick lookup confirms my suspicion. Here they are (Update: Ben (in the comment below) provided me with a list of IP addresses he found in his server log. I double checked and updated them here.):

66.135.32.0/19 66.155.0.0/18 69.174.240.0/20 72.232.0.0/17 76.74.248.0/21 192.0.64.0/18 198.181.116.0/22 207.198.64.0/18 209.15.0.0/16 216.151.208.0/20

And here is a sample configuration in nginx:

    server {
        location ~ xmlrpc\.php {
            # nginx checks allow/deny rules in order and stops at the first
            # match, so "deny all" has to come after the allow lines.
            allow 127.0.0.0/24;
            allow ::1/128;
            allow 66.135.32.0/19;
            allow 66.155.0.0/18;
            allow 69.174.240.0/20;
            allow 72.232.0.0/17;
            allow 76.74.248.0/21;
            allow 192.0.64.0/18;
            allow 198.181.116.0/22;
            allow 207.198.64.0/18;
            allow 209.15.0.0/16;
            allow 216.151.208.0/20;
            deny all;
        }
    }

If you know any other IP ranges, let me know and I will update my post. Happy blogging!
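
One way to check the allow list against your own access log before deploying it, mirroring the log review described above. This is an added example, not code from the original post; the function names and the sample log lines are constructed, and the log is assumed to be in nginx's combined format.

```python
import ipaddress
import re
from collections import Counter

# Ranges from the post's allow list, plus the loopback entries in its nginx config.
ALLOWED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/24", "::1/128", "66.135.32.0/19", "66.155.0.0/18",
    "69.174.240.0/20", "72.232.0.0/17", "76.74.248.0/21", "192.0.64.0/18",
    "198.181.116.0/22", "207.198.64.0/18", "209.15.0.0/16", "216.151.208.0/20",
)]

# Client address, method and path from a "combined" format log line (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" \d{3} ')

# Constructed sample lines: documentation addresses plus one inside 192.0.64.0/18.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2014:06:25:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '203.0.113.7 - - [10/Mar/2014:06:25:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '203.0.113.7 - - [10/Mar/2014:06:25:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '198.51.100.23 - - [10/Mar/2014:06:25:03 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '192.0.80.10 - - [10/Mar/2014:06:26:10 +0000] "POST /xmlrpc.php?for=jetpack HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Mar/2014:06:27:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

def is_allowed(addr):
    """True if addr falls inside one of the allow-listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED)

def xmlrpc_posts(lines):
    """Count POST /xmlrpc.php requests per client, split by allow-list membership."""
    allowed, other = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, method, path = m.groups()
        if method != "POST" or path.split("?", 1)[0] != "/xmlrpc.php":
            continue
        try:
            bucket = allowed if is_allowed(addr) else other
        except ValueError:  # first field was not an IP address
            continue
        bucket[addr] += 1
    return allowed, other

if __name__ == "__main__":
    allowed, other = xmlrpc_posts(SAMPLE_LOG)
    print("would be denied:", other.most_common())
    print("would be allowed:", allowed.most_common())
```

Run against a real log, any legitimate-looking client that lands in the "would be denied" group is a range the allow list is still missing.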