[wp-trac] [WordPress Trac] #36806: XML-RPC Hack

WordPress Trac noreply at wordpress.org
Tue May 10 18:49:50 UTC 2016

#36806: XML-RPC Hack
 Reporter:  xathras       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.5.2
 Severity:  normal        |   Keywords:
  Focuses:                |
 Dear Wordpress,

 I noticed that xml-rpc.php was under heavy load this for last few days.
 Wondering if there is any permanent fix for this?

 The first signs of attack was a large spike in CPU resources on my AWS EC2

 My OS is an Ubuntu Release with all updates & updates. See uname -a
 root at ip-172-31-36-126:/# uname -a
 Linux ip-172-31-36-126 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19
 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

 In order to prevent the attack further I added the following apache-rpc
 configuration to fail2ban:


 enabled  = true
 port     = http,https
 filter   = apache-xmlrpc
 logpath  = /opt/bitnami/apache2/logs/access_log
 maxretry = 6
 bantime = 3600

 I then added a filter file:

 failregex = ^<HOST> .*POST .*xmlrpc\.php.*
 ignoreregex =

 My question is if this is known, why is there no fix?

Ticket URL: <https://core.trac.wordpress.org/ticket/36806>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list