XML-RPC Attack Haven't Stopped After Installing Plugin

  • thita

    (@thebrickblogger)


    9 years, 10 months ago

    Samuel, one of our sites have been under an xml-rpc attack, so I installed this plugin five days ago. However I see that the xml-rpc file is still being attacked.

    I figured this has to do with some of the attackers already having access to the file-path from prior to installing the plugin, but I also get attacks from new IPs I haven’t seen before.

    Would you have any insight into this? I was hoping this plugin will help stop the attack, but so far this hasn’t been the case. I have to manually watch the activity on the file all day and block IPs as they attack, but this is extremely tedious and time-consuming.

    I have pingbacks and trackbacks disabled and the plugin installed. I don’t know what else to do, so any help would be appreciated. Thanks in advance.

    https://www.ads-software.com/plugins/disable-xml-rpc-pingback/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Samuel Aguilera

    (@samuelaguilera)

    Hi,

    The purpose of the plugin is to remove the pingback methods from XML-RPC interface, as mentioned in a previous support thread this don’t have any relation with the fact that your attackers are still accessing to the file even when they’re not able to complete the request, you know, dummy bots…

    If you want to stop the bots from accesing to the file you need to stop them at server level. I guess this is what you’re doing blocking the IPs.

    Another approach if you don’t need to use the xmlrpc.php for any purpose is to block it totally, in Apache you can do it by adding the following to the .htaccess in your site root directory:

    <Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

    Maybe you should consider also to use third-party services as CloudFlare or Incapsula, that usually helps you to stop massive attacks before reaching your server.

    Regards.

    Thread Starter thita

    (@thebrickblogger)

    Samuel, thanks for the quick response. I will wait a few more days to see if the attacks diminish, and if not, I will ask my server’s tech support for help. I was just hoping this plugin will discourage them and these nasty bots will go away. Thanks for the suggestions.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘XML-RPC Attack Haven't Stopped After Installing Plugin’ is closed to new replies.