Changes between Initial Version and Version 1 of Ticket #21509, comment 19
- Timestamp:
- 10/26/2014 07:02:59 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21509, comment 19
initial v1 6 6 That option only applies to XML-RPC methods that check user credentials, but pingbacks/trackbacks are anonymous and thus do not fall under that check. 7 7 8 There are opportunities for the community to write plugins or better documentation on how to block ping/trackback requests either at the PHP level (e.g., by hooking the `xmlrpc_call` methodand `die`ing for these methods) or the web server/proxy level (e.g., nginx or Varnish). But just disabling XML-RPC by default will not help with the DDOS issues.8 There are opportunities for the community to write plugins or better documentation on how to block ping/trackback requests either at the PHP level (e.g., by hooking the `xmlrpc_call` action and `die`ing for these methods) or the web server/proxy level (e.g., nginx or Varnish). But just disabling XML-RPC by default will not help with the DDOS issues.