
WordPress XML-RPC Attack



There apparently is an XML-RPC attack in the wild targeting random websites since around the 20th of July, two weeks ago.

From what I understand, they use yourwebsite.com/xmlrpc.php to gain access to your website by brute-force username/password cracking attempts.

http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

Unless you need the ability to post using mobile applications or some desktop applications like bloglio, you may not need the xmlrpc.php functionality (correct me if I am wrong here).

If you find yourself under attack, adding this to .htaccess seems to help:

RewriteEngine On
RewriteRule ^xmlrpc\.php$ http://0.0.0.0/ [R=301,L]

It redirects the bot's requests to xmlrpc.php to http://0.0.0.0 on the machine the bot is running at.

Update: The denial of service vulnerability has been fixed in WordPress 3.9.2, so the above workaround is no longer needed.
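Added example (my own code, not from the post above, the linked Sucuri article or WordPress): before blocking xmlrpc.php outright, it helps to see whether you are actually being hit. This script reads an Apache combined-format access log and flags any source IP that POSTs to /xmlrpc.php at least 20 times inside a 60-second window; both numbers are assumptions to tune for your traffic, and the log lines it runs on by default are constructed. It deliberately ignores HTTP status codes, because a failed XML-RPC login still comes back as a 200 with the fault inside the XML body, so only the request rate tells you anything from the access log.

```python
#!/usr/bin/env python3
"""Spot xmlrpc.php brute-force bursts in an Apache access log.

Added example for this thread; it is not code from the original post, the
linked Sucuri article or WordPress. The log lines are constructed, and the
threshold (20 POSTs) and window (60 s) are assumptions to tune for your site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        # Drop any query string so "/xmlrpc.php?foo=1" still counts.
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
        "ua": m.group("ua"),
    }


def find_xmlrpc_bursts(lines, threshold=20, window_seconds=60):
    """Return {ip: peak_count} for IPs that POSTed to /xmlrpc.php at least
    `threshold` times inside any `window_seconds` interval.

    Status codes are deliberately ignored: a failed XML-RPC login is an XML
    fault inside a 200 response, so only the request rate is informative.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == "/xmlrpc.php":
            hits[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def constructed_log():
    """Constructed sample log: one bot hammering xmlrpc.php, plus normal traffic.
    The IPs are documentation ranges (RFC 5737), not real hosts."""
    base = datetime(2014, 7, 20, 10, 15, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

    def line(ip, offset, method, path, status, ua):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return fmt.format(ip=ip, ts=ts, method=method, path=path, status=status, ua=ua)

    # 25 login attempts in 48 seconds; each returns 200 with a faultCode in the body.
    lines = [line("203.0.113.7", i, "POST", "/xmlrpc.php", 200, "Mozilla/5.0")
             for i in range(0, 50, 2)]
    # Legitimate visitor: a page view, one Jetpack XML-RPC call, a login page load.
    lines += [
        line("198.51.100.4", 5, "GET", "/", 200, "Mozilla/5.0 (X11; Linux x86_64)"),
        line("198.51.100.4", 9, "POST", "/xmlrpc.php", 200, "Jetpack by WordPress.com"),
        line("198.51.100.4", 40, "GET", "/wp-login.php", 200, "Mozilla/5.0 (X11; Linux x86_64)"),
    ]
    return lines


if __name__ == "__main__":
    import sys
    # Pass a real access log path as the first argument; otherwise use the constructed sample.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else constructed_log()
    for ip, count in sorted(find_xmlrpc_bursts(source).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {count} POSTs to /xmlrpc.php within 60 s")
```

Run it against your own log with `python3 xmlrpc_bursts.py /var/log/apache2/access.log` (path assumed; use whatever your server writes to). The flagged IPs are what you would feed into fail2ban or a firewall rule, which is a narrower response than redirecting every xmlrpc.php request, and it keeps Jetpack or mobile-app clients working.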
