WordPress :: xmlrpc.php Attack!

You may also like...

5 Responses

  1. RW says:

    What is the significance of 127.0.0.1? It’s not showing up in your log file example…

    Thanks,
    Bob

  2. dino says:

    This not a solution but a way to avoid our server being overloaded due to tons of requests. The IP 127.0.0.1 will act as local IP for the attacking IP’s / servers so it would somewhat act as reverse attack on the attacking server. Here is the log after modifying the .htaccess :

    115.77.156.171 - - [05/Aug/2014:22:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    73.32.214.34 - - [05/Aug/2014:22:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    2.38.65.94 - - [05/Aug/2014:22:14:31 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    98.219.11.73 - - [05/Aug/2014:22:14:31 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"

  3. Robin Wilson says:

    Thanks dino for the help.
    I had tried various solutions posted on other websites but none of these worked and as soon as the site was turned back on the attack continued.
    However your solution worked straight away with the added bonus that the attackers are now attacking themselves.
    It seems this attack is still possible with the latest version of WordPress.

    Thanks
    Robin

  4. amrit pal says:

    i think this is nice trick, i used it, but why is index.php is getting high cpu usage now, attack is being redirected to thier localhost, is this trick effect on our post seo ?

  5. Lance Turner says:

    Great advice. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *