Opened 8 years ago
Closed 8 years ago
#36806 closed defect (bug) (duplicate)
XML-RPC Hack
Reported by: | xathras | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.5.2 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
Dear WordPress,
I noticed that xml-rpc.php was under heavy load for the last few days. Wondering if there is any permanent fix for this?
The first sign of attack was a large spike in CPU resources on my AWS EC2 instance.
My OS is an Ubuntu Release with all updates & updates. See uname -a information:
```
root@ip-172-31-36-126:/# uname -a
Linux ip-172-31-36-126 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
```
In order to prevent the attack further I added the following apache-rpc configuration to fail2ban:
```
[apache-xmlrpc]
enabled = true
port = http,https
filter = apache-xmlrpc
logpath = /opt/bitnami/apache2/logs/access_log
maxretry = 6
bantime = 3600
```
I then added a filter file:
```
[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =
```
My question is if this is known, why is there no fix? http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
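Added example (not part of the ticket, and not fail2ban's own code): a Python emulation of how the jail and filter above would treat an Apache access log, useful for checking who would be banned before enabling the jail. The `findtime` of 600 seconds is an assumption (fail2ban's default, since the jail does not set it), the `<HOST>` tag is approximated with a simple address pattern, and the log lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Settings from the jail on this page; FINDTIME is an assumption (fail2ban's
# default window of 600 s), since the jail shown does not set it.
MAXRETRY, FINDTIME = 6, 600

# The page's failregex with <HOST> approximated by a simple address pattern
# (assumption: fail2ban itself substitutes a more thorough host regex).
FAILREGEX = re.compile(r"^(?P<host>[0-9A-Fa-f:.]+) .*POST .*xmlrpc\.php.*")
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")


def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts whose matching requests reach maxretry within findtime seconds."""
    recent = defaultdict(deque)   # host -> timestamps of recent matches
    banned = []
    for line in lines:
        hit, ts = FAILREGEX.match(line), TIMESTAMP.search(line)
        if not hit or not ts:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S")
        window = recent[hit.group("host")]
        window.append(when)
        # Drop matches that have aged out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and hit.group("host") not in banned:
            banned.append(hit.group("host"))
    return banned


def make_line(host, hhmmss, method="POST", path="/xmlrpc.php"):
    """Build a constructed Apache combined-log line for the sample below."""
    return (f'{host} - - [12/May/2016:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" 200 370 "-" "-"')


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = (
    [make_line("203.0.113.7", f"10:00:{s:02d}") for s in range(8)]         # burst
    + [make_line("198.51.100.20", f"10:{m:02d}:00") for m in (0, 20, 40)]  # slow client
    + [make_line("192.0.2.55", f"10:01:{s:02d}", "GET") for s in range(9)]
    + [make_line("192.0.2.99", f"10:02:{s:02d}", path="/wp-login.php") for s in range(9)]
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The filter counts every POST to xmlrpc.php regardless of its outcome, so a legitimate XML-RPC client that posts six times inside the window is banned as well.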
Attachments (1)
Change History (4)
#2
@
8 years ago
This post talks about the same issue, as well as being of use since they were using an EC2 instance.
http://blog.carlesmateo.com/2014/08/30/stopping-and-investigating-a-wordpress-xmlrpc-php-attack/
#3
@
8 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
A DOS (Denial of Service) against `xml-rpc.php` is no different to one against the homepage or `wp-login.php`, preventing either is out of scope for WordPress, caching & security plugins often attempt to cover this well, but ultimately it's an issue that needs to be handled at the server level.
Details of CPU