Block Magento 1 brute force attacks on rss/order/new
Magento 1 ships with admin RSS feeds that are increasingly targeted by brute force attacks. The feeds authenticate with HTTP Basic auth against the admin credentials, so every request to them is a cheap password guess. The admin feeds are:
- /rss/order/new (new orders)
- /rss/catalog/review (pending reviews)
- /rss/catalog/notifystock (low stock products)
Also, Magento comes with a /downloader URL for admins to install extensions via the Magento Connect Manager.
All of these URLs sit behind a login and password, but they still pose two serious problems:
- Weak passwords are guessed within minutes in a brute force attack (and yes, to my surprise, shop owners still often use very weak passwords).
- Brute force attacks can hammer the shop with thousands of requests per day. Each of those requests boots Magento and hits the database before the password check fails, which slows down your shop, and a slow shop, as we all know, is bad for conversion.
So, how do you block brute force attacks on these Magento 1 endpoints?
If you're on Nginx, like most of our shops are, it's as simple as adding Nginx rules like these to the server block:
```nginx
location ~ /downloader {
    deny all;
    echo_exec @phpfpm;
}
location ~ /rss/order {
    deny all;
    echo_exec @phpfpm;
}
location ~ /rss/catalog {
    deny all;
    echo_exec @phpfpm;
}
```
A few things to check before you paste this in:
- `deny all` is evaluated in nginx's access phase, so every request to these paths gets a 403 before it ever reaches PHP-FPM. The `echo_exec @phpfpm` line only runs for clients that an `allow` directive placed in front of `deny all` lets through, so if your staff still need the feeds or the Connect Manager, add `allow` lines with your office addresses above `deny all` instead of removing the block.
- `echo_exec` comes from the third-party nginx echo module, and `@phpfpm` is the named location that the rest of the server block uses to hand requests to PHP-FPM; both must already exist in your configuration.
- nginx uses the first regex location that matches, so these blocks must come before any other `location ~` block that could match the same URIs.
- `/rss/catalog` also matches the public new-products and special-price feeds (`/rss/catalog/new`, `/rss/catalog/special`). If you publish those, narrow the pattern to `/rss/catalog/notifystock` and `/rss/catalog/review`.
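A variant of the rules above, added here as an example and not part of the original post or of any hosting provider's configuration: it keeps the Connect Manager reachable from one fixed office address and, instead of denying the admin feeds outright, rate limits them per client IP so a scripted attacker is throttled while an admin checking the feed from a phone is not locked out. The office address 203.0.113.10, the zone name `magento_auth` and the variable names are placeholders; the echo module and the `@phpfpm` named location are assumed to exist as in the snippet above.

```nginx
# Added example, not the original post's config. Office address, zone and
# variable names are placeholders; the echo module and @phpfpm are assumed.

# ---- http {} context ----
# 1 = throttle this client, 0 = trusted office address (placeholder).
geo $magento_auth_limit {
    default       1;
    203.0.113.10  0;
}

# An empty key means the request is not counted, so the office is never
# throttled; everyone else gets one bucket per client IP.
map $magento_auth_limit $magento_auth_key {
    0 "";
    1 $binary_remote_addr;
}

# Every request to these URLs carries a password guess, so all of them
# count: 2 per minute per IP, with a burst of 3 served without delay.
limit_req_zone $magento_auth_key zone=magento_auth:10m rate=2r/m;
limit_req_status 429;

server {
    # ... listen, root and the @phpfpm named location as in the rest of
    # your Magento server block ...

    # Connect Manager: office only. allow/deny run in the access phase, so
    # everyone else gets a 403 and never reaches PHP-FPM.
    location ~ ^/downloader {
        allow 203.0.113.10;
        deny  all;
        echo_exec @phpfpm;
    }

    # Admin feeds only (New Orders, Low Stock, Pending Reviews); the public
    # /rss/catalog/new and /rss/catalog/special feeds are not touched.
    location ~ ^/rss/(order/new|catalog/(notifystock|review)) {
        limit_req zone=magento_auth burst=3 nodelay;
        echo_exec @phpfpm;
    }
}
```

Per-IP limiting only slows down a single source; an attack spread over many addresses still gets its two guesses per minute from each of them. It cuts the load and the noise in the access log, but strong admin passwords remain the actual control, and the deny-all rule in the original snippet is still the better choice for a shop that does not use the feeds at all.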