[wp-trac] [WordPress Trac] #36806: XML-RPC Hack
WordPress Trac
noreply at wordpress.org
Tue May 10 18:49:50 UTC 2016
#36806: XML-RPC Hack
--------------------------+-----------------------------
Reporter: xathras | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.5.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Dear Wordpress,
I noticed that xml-rpc.php was under heavy load this for last few days.
Wondering if there is any permanent fix for this?
The first signs of attack was a large spike in CPU resources on my AWS EC2
instance.
My OS is an Ubuntu Release with all updates & updates. See uname -a
information:
root at ip-172-31-36-126:/# uname -a
Linux ip-172-31-36-126 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19
14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
In order to prevent the attack further I added the following apache-rpc
configuration to fail2ban:
{{{
[apache-xmlrpc]
enabled = true
port = http,https
filter = apache-xmlrpc
logpath = /opt/bitnami/apache2/logs/access_log
maxretry = 6
bantime = 3600
}}}
I then added a filter file:
{{{
[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =
}}}
My question is if this is known, why is there no fix?
[http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36806>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list