DDoS attack on WordPress through XML-RPC • WordPress Help


If you have XML-RPC active in WordPress, your site is likely to join the list of more than 162,000 sites that have already been hit by a distributed denial of service (DDoS) attack.

According to Sucuri, any WordPress site with XML-RPC active, which is most of them because it is active by default, can become one more zombie used in the DDoS attack, which was originally launched to take down a very popular site.

Within a few hours, more than 162 thousand totally clean and safe WordPress sites were used in this DDoS attack, with their XML-RPC protocol used to carry the attack on.

It all starts with a simple pingback request to an innocent site, in the form of a single Linux command:

$ curl -D - "www.cualquiersitiowordpress.com/xmlrpc.php" -d ' pingback.ping http://VICTIMA.com www.cualquiersitiowordpress.com/postchosen '

To keep your site from being used in this DDoS attack, you just have to disable XML-RPC. I already warned at the time that having XML-RPC active by default was a security risk, and now it has been confirmed in the worst possible way.

Anyway, if you want to deactivate it, you can do it in 3 ways:

  1. Rename the file xmlrpc.php that you'll find in the root folder of the WordPress installation, and remember to do it again after each new update, because the update will put the file back.
  2. In the file wp-config.php, after require_once(ABSPATH . 'wp-settings.php'); add the following line:
  3. Add the following code to the file functions.php of the active theme:
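
One way to implement the third option, given here as an added example and not the original post's code: it removes only the pingback methods abused in this attack, so the rest of XML-RPC keeps working. It assumes the snippet is placed in the active theme's functions.php; the hooks used (`xmlrpc_methods`, `wp_headers`, `pings_open`, `xmlrpc_enabled`) are WordPress core filters.

```php
<?php
// Added example (not from the original post). Assumed location: the active
// theme's functions.php, or a small plugin file loaded on every request.

// 1. Unregister the pingback methods from the XML-RPC server. A request for
//    pingback.ping is then rejected as an unknown method, so the site no
//    longer fetches a URL chosen by whoever sent the request.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. Stop advertising the pingback endpoint in the X-Pingback response
//    header, which is how clients discover xmlrpc.php in the first place.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// 3. Report pings as closed on every post, so themes and core do not offer
//    or accept pingbacks/trackbacks for existing content either.
add_filter( 'pings_open', '__return_false' );

// Caveat: the 'xmlrpc_enabled' filter only switches off XML-RPC methods that
// require authentication. pingback.ping is unauthenticated, so on its own
// that filter does not stop this abuse. Uncomment the next line only if you
// also want to block remote publishing (mobile and desktop clients).
// add_filter( 'xmlrpc_enabled', '__return_false' );
```

With this in place, a pingback.ping call to xmlrpc.php is answered with an XML-RPC fault instead of being processed, while publishing from mobile and desktop applications continues to work.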

Mind you, disabling XML-RPC is not a trivial matter: it is the protocol used for pingbacks, trackbacks, publishing from mobile and desktop applications, and much more.

Finally, and this is not a security measure but just a check, you can find out whether your site is being used for a DDoS attack right now with this tool

NOTICE: This post is from two years ago or more. If it's a code snippet or a plugin, it might not work in the latest versions of WordPress, and if it's a news story, it might be obsolete. So do not say we did not warn you.
