Re: WP's XML-RPC functionality a security vulnerability?


Re: WP's XML-RPC functionality a security vulnerability?

David Anderson-29

> I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
> In my case they are coming from different IPs every time, which makes them
> very hard to block (and indicates a DDOS or at least a distributed intrusion
> attempt).

Distributed brute-force login attacks appear to have switched to using
XMLRPC in the last couple of weeks. I'm seeing them on many sites. It
seems reasonable to assume that this is because some of the solutions
that protect against distributed and/or brute-force attacks aren't
covering XMLRPC.

I posted this and asked (the very good) BruteProtect about their plans
the week before last, but haven't heard what they think about it yet
(the link also has more info about the attacks):

http://wordpress.org/support/topic/brute-forcing-via-xmlrpc

Best wishes,
David

--
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net


_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
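The pattern David describes (many source addresses, each sending only a few requests, all aimed at /xmlrpc.php) is easier to spot by counting per time window than per IP. The following is an added example, not code from the thread or from any plugin mentioned in it; the access-log lines are constructed and the thresholds (window size, minimum hits, minimum distinct sources) are assumptions to tune for a real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (combined log format), not real traffic.
# Four client IPs each POST to /xmlrpc.php a handful of times within one minute,
# mixed with an ordinary page view that must not be counted.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Jul/2014:08:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Jul/2014:08:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jul/2014:08:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Jul/2014:08:01:21 +0000] "GET /2014/07/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jul/2014:08:01:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Jul/2014:08:01:41 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.99 - - [22/Jul/2014:08:01:52 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.99 - - [22/Jul/2014:08:01:58 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"')

def parse(lines):
    """Yield (ip, timestamp, method, path) for every line the regex understands."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        yield m['ip'], ts, m['method'], m['path']

def xmlrpc_bursts(lines, window_s=60, min_total=6, min_ips=3):
    """Return the time buckets holding a distributed burst of POSTs to /xmlrpc.php.

    A bucket is flagged only when the aggregate POST count reaches min_total AND
    at least min_ips distinct sources contributed: each single IP stays under any
    per-IP threshold, which is exactly why per-IP blocking misses this traffic.
    """
    buckets = defaultdict(Counter)
    for ip, ts, method, path in parse(lines):
        if method == 'POST' and path.split('?')[0] == '/xmlrpc.php':
            bucket = int(ts.timestamp()) // window_s * window_s
            buckets[bucket][ip] += 1
    alerts = []
    for bucket, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total >= min_total and len(per_ip) >= min_ips:
            alerts.append({'bucket_start': bucket, 'total': total,
                           'distinct_ips': len(per_ip), 'max_per_ip': max(per_ip.values())})
    return alerts

if __name__ == '__main__':
    for alert in xmlrpc_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample, no single IP exceeds two requests, yet the one-minute bucket is flagged with seven POSTs from four sources; a rule keyed on source address alone would have stayed silent.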

Re: WP's XML-RPC functionality a security vulnerability?

Patty Ayers
Thanks to all for the information on this, much appreciated.

Patty


On Tue, Jul 22, 2014 at 8:04 AM, David Anderson <[hidden email]> wrote: