WordPress XML-RPC Attack

WordPress XML-RPC Attack

The main reason of running the attack usually to get backlinks. It is possible to push a bad post with other methods of hacking WordPress. Those IP related instances are kid in front of bigger powerful servers. Probably we are too good for those who never deserve the kindness. We should check the MySQL log for the last commands/queries ran on it :

If we had not faked as “we are not aware”, we could not collect many data. In very short, unless you check the Nginx access log, Error log, MySQL log; unless the PHP5-FPM Error is arriving – it will be a typical Nginx-PHP5-FPM Error with a moron like link towards Nginx’s website for checking log. When you will try to flush the cache manually or access the admin area – you’ll face the white page of Nginx declaring error. You’ll think that possibly you have wrong configuration of PHP5-FPM or there is issue with resource. You can give a 16GB server to face and increase the PHP memory to 50% of it – it will die sooner, exactly like a 4GB server.

Many bots are using xmlrpc.xml for spamming and it will also major cause for DDOS attacks.

There are some methods to block these pingback request, but many of them needs development / server knowledge , but i just tell you some methods .

Easy One:
Just rename or delete xmlrpc.php

in this way bot does not find the file but your server is being attacked with the IPs.

Second and Better One.
Just find IP through Servers access.log and access.log.1 if have.

Copy the IP’s list

create a knownhackers.conf

put all ip’s

3 4 5

deny 52.24.47.119; deny 54.69.228.145; deny 54.69.229.22; deny 52.10.165.55; deny 52.25.199.249;

and then restart your server.

Method 3:

add_filter( ‘xmlrpc_methods’, ‘remove_xmlrpc_pingback_ping’ );

function remove_xmlrpc_pingback_ping( $methods ) {

   unset( $methods[‘pingback.ping’] );

   return $methods;

} ;

Finally, disable pingback, trackback from WordPress admin panel.