hussam
Posted August 4, 2014

There apparently is an xml-rpc attack in the wild targeting random websites since around the 20th of July, two weeks ago. From what I understand, they use yourwebsite.com/xmlrpc.php to gain access to your website by brute-force username/password cracking attempts.

http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

Unless you need the ability to post using mobile applications or some desktop applications like Blogilo, you may not need the xmlrpc.php functionality (correct me if I am wrong here).

If you find yourself under attack, adding this to .htaccess seems to help:

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

It redirects the bot's requests for xmlrpc.php to http://0.0.0.0 on the machine the bot is running on.

Update: The denial of service vulnerability has been fixed in WordPress 3.9.2, so the above workaround is no longer needed.
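One way to check whether a site is receiving the kind of xmlrpc.php request flood described in the post above (an added example, not part of the original post): count POST requests to xmlrpc.php per client IP in an Apache combined-format access log. The log lines, IP addresses, user agent and threshold below are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Aug/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.7 - - [04/Aug/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [04/Aug/2014:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Aug/2014:10:00:02 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [04/Aug/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "ExampleBlogClient/1.0"',
    '198.51.100.7 - - [04/Aug/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.7 - - [04/Aug/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2900 "-" "-"',
    'this line is malformed and must be skipped',
]

def xmlrpc_post_counts(lines):
    """Count POST requests to xmlrpc.php per client IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # unparseable line, or not a POST
        # Drop any query string; match the script at any directory depth.
        path = m.group("path").split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):
            counts[m.group("ip")] += 1
    return counts

def noisy_clients(lines, threshold=3):
    """Return {ip: count} for clients at or above the (assumed) threshold."""
    return {ip: n for ip, n in xmlrpc_post_counts(lines).items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(noisy_clients(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} POSTs to xmlrpc.php")
```

To run it against a real log, pass an open file object instead of SAMPLE_LOG and pick a threshold that sits above what your legitimate blogging clients generate.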