robinwilson16
Forum Replies Created
I have now managed to fix this issue.
It appears the issue which could be exploited two years ago can still be exploited now.
The best fix I can find is to redirect POST and GET requests for xmlrpc.php back to the caller using .htaccess.
Adding this line to .htaccess solves the problem:
`Redirect 301 /xmlrpc.php https://127.0.0.1`
This is taken from: https://www.linuxbabu.net/2014/07/wordpress-xmlrpc-php-attack/
Is there anyone that can help at all?
It seems there was a security issue in the version of WordPress that was running according to this article:
https://www.saotn.org/huge-increase-wordpress-xmlrpc-php-post-requests/
However, I have now updated WordPress to the latest version and updated all themes and plugins yet the issue is still occurring.
Every second this is in the access log:
`POST /xmlrpc.php HTTP/1.0" 200 597 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)`
This WordPress website is still causing 100% disk utilisation and 100% CPU utilisation.
Surely WordPress websites shouldn’t be able to be taken down so easily?
Hello bukge
Thanks for the reply but the theme was a customised version of the default one so is safe. It has been running unchanged for at least the last 2 years. The same plugins have also been active the past two years without any issues.
As I can’t even access the WordPress website now, as it just crashes the server, how would I change the theme and disable the plugins?
Looking further into this it would appear the website may be being attacked:
https://www.saotn.org/huge-increase-wordpress-xmlrpc-php-post-requests/
The IP address is from the Netherlands and it involves accessing xmlrpc.php.
I have attempted some of the fixes, but it doesn’t seem to help.
Any other suggestions would be appreciated.
Thanks
Robin
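One way to confirm from the access log which clients are behind the repeated xmlrpc.php POSTs described in these posts, as an added example that is not part of the original posts. It assumes Apache's combined log format; the sample lines, IP addresses (documentation ranges) and the 30-per-minute threshold are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def xmlrpc_post_rates(lines):
    """Count POST /xmlrpc.php requests per (client IP, minute)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or not path.endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

def flag_floods(lines, per_minute=30):
    """Return IPs exceeding per_minute POSTs in any one minute (threshold is an assumption)."""
    rates = xmlrpc_post_rates(lines)
    return sorted({ip for (ip, _), n in rates.items() if n > per_minute})

# Constructed sample: one client posting every second, one client with a single call.
UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:{s:02d} +0000] '
    f'"POST /xmlrpc.php HTTP/1.0" 200 597 "-" "{UA}"'
    for s in range(60)
] + [
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/6.4"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for ip in flag_floods(SAMPLE):
        print("xmlrpc.php flood from", ip)
```

The flagged addresses are the ones to block at the firewall or web server, which stops the requests before PHP is invoked at all.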