David Anderson
2014-07-22 12:04:52 UTC
I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
In my case they are coming from different IP's every time which makes them
very hard to block (and indicating a DDOS or at least distributed intrusion
attempt).
Distributed brute-force login attacks appear to have switched to usingIn my case they are coming from different IP's every time which makes them
very hard to block (and indicating a DDOS or at least distributed intrusion
attempt).
XMLRPC in the last couple of weeks. I'm seeing them on many sites. It
seems reasonable to assume that this is because some of the solutions
that protect against distributed and/or brute-force attacks aren't
covering XMLRPC.
I posted this and asked (the very good) BruteProtect about their plans
the week before last, but haven't heard what they think about it yet
(the link also has more info about the attacks):
http://wordpress.org/support/topic/brute-forcing-via-xmlrpc
Best wishes,
David
--
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net