Simple tool for load-testing HTTP server

Today I came across a very simple tool for load-testing. It’s called AB and come with Apache HTTP Server. The command line arguments are very simple: ab -n 10000 -c 10 http://your_web_site/url.html Where -n is the number of successful requests and -c is the number of concurrence connections. If you want to have more control over the URL you want to test, and much more, I recommend JMeter (also from Apache) Source:

Quick and dirty way to prevent XML-RPC Pingback Attacks

XML-RPC Pingback Attacks are really annoying. You often see lots of POST /xmlrpc.php requests from different IP address from time to time. Sometimes, the number of requests is big enough to crash a server (yes, my server is a tiny angel). But I can’t disable WordPress XML-RPC because I need that for Jetpack to work (post by email, how cool!). Therefore, I figure out a quick and dirty way to prevent this by only allow Jetpack IP address to call XML-RPC. These IP are not public by WordPress (I don’t know why) as they stated that: “We aren’t able to provide any IP addresses for Jetpack as they fluctuate. You could try whitelisting * for both inbound and outbound traffic, as a workaround.” However, by looking at my server log, I see 2 potential IP address ranges. Quick lookup confirms my suspicion. Here they are (Update: Ben (in the comment below) provided me with a list of IP addresses he found in his server log. I double checked and updated them here.): And here is sample configuration in nginx server { location ~ xmlrpc\.php { deny all; allow; allow ::1/128; allow; allow; allow; allow; allow; allow; allow; allow; allow; allow; } } If you know any other IP ranges, let me know and I will update my post. Happy blogging!