Re: [bitfolk] Wordpress xml-rpc attacks

Author: Ian
To: users
Subject: Re: [bitfolk] Wordpress xml-rpc attacks
Paul Tansom said:

> Yes, that's the plugin I'm trying to install. I've clearly been lax, but I
> thought pingbacks were disabled by default,

They got enabled in July 2012 in one of the not really documented
changes for the then forthcoming version 3.5 released later that year, sigh.

> At the moment I'm blocking xmlrpc.php from
> the .htaccess, but each time I enable Apache again the load goes from around
> 0.09 through to 30, 40 or 50 within a minute or so. It is very difficult to
> test and diagnose if you can't get any response from the server because of the
> load :( I'm just putting something together with fail2ban, then with any luck I
> can put the plugin in place and experiment.

If I look at the log files, the most any site here has had this month is
97 accesses.

I wonder if someone is doing a DDoS on you - the ability to do that via
pingbacks is the subject of a WP bug report that goes back about five years.

I'd expect using fail2ban to ban anyone who is trying to access that
file frequently should help.
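As an added illustration of the fail2ban approach suggested above (example code, not from the list post, fail2ban or WordPress): a Python script that applies fail2ban's maxretry/findtime semantics offline to constructed Apache combined-format access-log lines and reports the hosts hammering xmlrpc.php. The thresholds, the log format and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-log lines (sample data, not from the list post).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.4 - - [10/Mar/2014:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2014:10:00:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2014:10:30:00 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
"""

# Same shape as a fail2ban failregex for this job: host, timestamp, request line.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return the hosts that requested /xmlrpc.php at least `maxretry` times
    within any `findtime` window (fail2ban's jail semantics, applied offline).
    Default thresholds are assumed values, not a recommendation from the post."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("path").startswith("/xmlrpc.php"):
            continue  # other URLs are not counted against the host
        hits[m.group("host")].append(datetime.strptime(m.group("ts"), TS_FMT))
    banned = set()
    for host, times in hits.items():
        times.sort()
        # Sliding window: compare each hit with the one (maxretry - 1) hits earlier.
        for i in range(maxretry - 1, len(times)):
            if times[i] - times[i - maxretry + 1] <= findtime:
                banned.add(host)
                break
    return banned


if __name__ == "__main__":
    print(sorted(offenders(SAMPLE_LOG)))  # ['203.0.113.7']
```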
