5 Nov
2019
5 Nov
'19
12:38 p.m.
** Jon Spriggs <jon(a)sprig.gs> [2019-11-04 19:51]:
On Mon, 4 Nov 2019 at 19:05, Ian Hobson
<hobson42(a)gmail.com> wrote:
<snip>
> There were a large number of POSTS to /xmlrpc.php
which is part of
> wordpress. I thought nothing of it, until I googled it.
>
> Seemingly xmlrpc.php is used to post remotely to your site. Curently it
> is more used for DDOS attacks. The IP was from china.
>
> So xmlrpc will be disabled on all my wordpress sites.
>
> >> nginx talks to php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
> >
> > I'm not familiar with fastcgi-pass - I'll look into it over the coming
> > weeks though as I'm generally a fan of FCGI :)
> >
> It works great.
Rather than disabling XMLRPC, there's a plugin
called "*Disable XML-RPC
Pingback*" which might be better. XML-RPC is primarily used by Wordpress
client applications (like the Mobile App), and Jetpack (the wordpress.com
plugin pack).
** end quote [Jon Spriggs]
I have had issues with RPC and WordPress, and still get regular
probes/connections. I did have the Disable XML-RPC Pingback plugin for a while,
but I've removed it now as I have Fail2ban doing the job. It seems to be kept
quite busy, but is clearly doing its job, and has the benefit of allowing
Jetpack to function if you want to connect with that.
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP