nickaster

Got it.. thanks. Anyone know of a wordpress plugin or instructions that accomplishes this? Google Analytics has gotten way too complicated for me to understand, at least as far as developing anything goes…

Yeah i know, but it’s a big manual slog… I can’t even tell how many are indexed. For a rainy day.

Thanks…. I’ll ask the hackers.

Well that’s good news on the “created page” issue. Unfortunately, it seems like once Google knows about them, even if I kill all links, I’m still stuck with the pollution, that’s a real drag.

Yeah, I know about the thumbnail concept but man, it would seem like a far better idea to have to *choose* this every time, if you were going to do it as a photographer than to get stuck cleaning up this mess.

Well, technically I didn’t opt in. My writers did it in ignorance and now I’m cleaning up the mess.

Is there a way to force the default to always be NONE? The problem is they accidentally (or purposely?) do it once, then repeatedly do it and I don’t always have time to check.

Also, are you saying this page will not be created at all if the image has never been “linked to”? I fear that these pages do exist for every image ever uploaded whether someone linked to it or not… is that not true? I’ll be greatly relieved if so!

But again… why would anyone ever want this?

Very interesting, but it sounds like the average user doesn’t really need it. I’d think WP would find a way to rename it or something to drive away these spammers -might be a little work requiring changes to some of those apps, but still.

Anyway, it’s been two weeks and we’re still cruising with a simple htaccess block. I’m happy for now!

Just wanted to add another two cents to the convo. 5 days later and we’re still cruising, everything is nice and fast. I’m going to keep monitoring it, but man, blocking this xmlrpc thing was a godsend, no IP addresses needed. I would hope WP can make this standard in some way!

Esmi – right, so if you just look through them you can search for xmlrpc and if lots of stuff comes up in a certain time period that implies a lot of hits?

Well, ~24 hours later we are still blazing fast. Its like night and day. The site has never been this fast. I’m hoping it lasts!

ESMI – do you know the command to check to see what (if anything) is hitting XMLRPC? I’m not great on the command line but I can follow orders.

I’ll check it out in a day or two but so far the .htaccess only solution is a miracle.

It would seem logical to be able to do this only for some users – ie anyone who’s less than an editor. Authors generally have zero understanding as to why that 3 Meg photo is a bad thing to upload. But editors may occasionally have a good reason to go big.

Interesting… I’ll keep my eye on it. Guess I could make some automated script to block any IP that hits more than X times. But those IPs change quickly.

So… anyone know if WP is looking into this? Seems like a serious enough problem that a patch is merited.

Well, I tried the .htaccess method it and it seems to have worked wonders. Site is much, much faster now. Worked almost instantly.

Is there any downside to this?

Interesting. I just tried the htaccess method and it seems to have helped a lot. What does that Rewrite do, exactly? Just redirects to some bunk IP?

I’m having the same problem right now. And it’s those same Ecatel bastards in the Netherlands over and over hitting xmlrpc.php.

Don’t totally understand the fix though. Are you saying block all access to xmlrpc? Wouldn’t that cause other problems? Did adding that “Deny All” in htaccess actually solve the problem? Seems like this is common enough that WP should have addressed some how.

Why would you have to wait hours or a day to see if it worked? Shouldn’t the churn quit quickly?

Also, blocking the IPs doesn’t seem to do much because they change all the time… even inside the Netherlands.

Right now, for example, I’m able to see activity just fine, blocking the bad guys. What should I look for (in the logs?) that would tell me why it’s working fine right now, vs the times it just hangs?

Hi Mark, thanks for working on this.

THe “Immediately lock out invalid usernames” is great. The only problem is that if someone makes a typo they can get accidentally locked out. When I turned this on, it was only a few hours before someone did this.

It would definitely be great to just be able to specify that “admin” always gets blocked, or that “XYZ always gets blocked”…. or at the very least, if you try it multiple times you get blocked or something…. with some kind of warning about it.