[wp-hackers] wp-hackers Digest, Vol 125, Issue 1

Chris Rudzki chris at rudzki.org
Thu Jun 4 19:49:20 UTC 2015


You can also whitelist, or increase the threshold, on Automattic ranges 
if you like:
http://whois.arin.net/rest/org/AUTOM-93/nets


-Chris

> wp-hackers-request at lists.automattic.com 
> June 2, 2015 at 8:00 AM
>
> Today's Topics:
>
> 1. XML-RPC POST attack (Pavel Hejn)
> 2. Re: XML-RPC POST attack (Or Wilder)
> 3. Re: XML-RPC POST attack (Michael Van Winkle)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 01 Jun 2015 19:20:03 +0200
> From: Pavel Hejn <pavelevap at gmail.com>
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] XML-RPC POST attack
> Message-ID: <556C9443.7010308 at gmail.com>
> Content-Type: text/plain; charset=iso-8859-2; format=flowed
>
> Hi,
>
> I found many ideas on how to protect a website from XML-RPC attacks
> (POST hits).
> They suggest .htaccess protection, using a filter, deleting the file,
> using a special security plugin, banning IP addresses, etc.
> But I want to use this protocol on my website and wanted to ask if
> there is any way to protect XML-RPC from DDoS attacks directly on the
> server side (Apache)?
> I am searching for something which can be usable for many different
> websites on one server.
> I do not want to allow only specific IP addresses, etc.
> Do you have any working solution?
>
> Thank you very much for ideas!
>
> Pavel
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 1 Jun 2015 17:23:44 +0000
> From: Or Wilder <Or at incapsula.com>
> To: "wp-hackers at lists.automattic.com"
> <wp-hackers at lists.automattic.com>
> Subject: Re: [wp-hackers] XML-RPC POST attack
> Message-ID:
> <BN3PR0601MB12491D492140A305AC56AF9BD6B60 at BN3PR0601MB1249.namprd06.prod.outlook.com>
>
> Content-Type: text/plain; charset="us-ascii"
>
> I suggest you use an oriented anti-DDoS service, such as
> Incapsula.com; we provide protections from XML-RPC attacks.
> It would be much trickier to implement your own protections without
> stopping or disrupting the service.
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 1 Jun 2015 11:35:54 -0700
> From: Michael Van Winkle <mike at mikevanwinkle.com>
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] XML-RPC POST attack
> Message-ID:
> <CALVAUkXo6w_jauFNyRZjvXi6gfgf2kERxSVSnuuUhmT8D351WQ at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> I would agree with Or Wilder, but if you want to do it yourself I
> recommend blocking via iptables if possible. Here's a write-up of how
> I do it:
>
> http://www.mikevanwinkle.com/block-a-hacker-post-attack-on-wordpress-xmlrpc-php/
>
>
>
>

-- 
Automattic, chris at automattic.com
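
An added example, not part of the thread or of any poster's own setup: a per-client POST count for xmlrpc.php over Apache access-log lines, with a higher threshold for allowlisted ranges as suggested above. The thresholds, function names and the 192.0.2.0/24 range are assumptions; the range is a documentation placeholder standing in for the networks listed at the ARIN URL.

```python
import ipaddress
import re
from collections import Counter

# Placeholder CIDR (documentation range), NOT a real Automattic network.
# Substitute the ranges published at the ARIN URL quoted in the message.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
DEFAULT_LIMIT = 5    # assumed per-client POST limit for one log window
TRUSTED_LIMIT = 50   # assumed raised limit for allowlisted ranges

# Apache common/combined format: client address first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def limit_for(ip):
    """Return the POST limit that applies to this client address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in TRUSTED_NETS):
        return TRUSTED_LIMIT
    return DEFAULT_LIMIT


def xmlrpc_offenders(lines):
    """Count POSTs to xmlrpc.php per client; return {ip: count} above its limit."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated log line
        ip, method, path, _status = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # HostnameLookups on: a name was logged, not an address
        # Ignore the query string; match sub-directory installs as well.
        if method == "POST" and path.split("?", 1)[0].endswith("/xmlrpc.php"):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n > limit_for(ip)}


def sample_line(ip, method="POST", path="/xmlrpc.php"):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - - [01/Jun/2015:19:20:03 +0200] "{method} {path} HTTP/1.1" 200 370'

# Constructed sample log: a noisy client, an allowlisted client with the same
# volume, a low-volume client, and GET requests that must not be counted.
SAMPLE = ([sample_line("203.0.113.7")] * 12 + [sample_line("192.0.2.10")] * 12
          + [sample_line("198.51.100.4")] * 3
          + [sample_line("198.51.100.9", "GET")] * 20)

if __name__ == "__main__":
    for ip, n in sorted(xmlrpc_offenders(SAMPLE).items()):
        print(f"{ip}: {n} POSTs to xmlrpc.php, over limit {limit_for(ip)}")
```

The returned addresses are candidates for whatever blocking layer is in use, such as the iptables approach mentioned in the quoted thread.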

