User Tools

Site Tools

Trace:
wordpress_xmlrpc

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
wordpress_xmlrpc [2016/03/04 09:11] luke7858wordpress_xmlrpc [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 12: Line 12:
   - Jetpack (an all-in-one solution to slowing down and/or bloating your WordPress site with third-party scripts)   - Jetpack (an all-in-one solution to slowing down and/or bloating your WordPress site with third-party scripts)
   - WP mobile apps   - WP mobile apps
-\\ 
 More information on XML-RPC API for wordpress can be found: https://codex.wordpress.org/XML-RPC_WordPress_API More information on XML-RPC API for wordpress can be found: https://codex.wordpress.org/XML-RPC_WordPress_API
 \\ \\
-==What is an xmlrpc attack?==+\\ 
 +== What is an xmlrpc attack?==
 xml-rpc can use **//system.multicall//** - this can be used to execute multiple methods inside a single request. This allows applications to pass multiple commands with one http request.  xml-rpc can use **//system.multicall//** - this can be used to execute multiple methods inside a single request. This allows applications to pass multiple commands with one http request. 
 \\ \\
Line 29: Line 29:
 **__NOTE__**: //WordPress, Drupal and most content management systems support XML-RPC.// **__NOTE__**: //WordPress, Drupal and most content management systems support XML-RPC.//
 \\ \\
-It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages+It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages.
 \\ \\
 \\ \\
 +Checking apache and nginx logs for xmlrpc
 +\\
 +<sxh bash>
 + awk '/xmlrpc.php/ {REQ[$1" "$6" "$7]++}END{for (i in REQ) print REQ[i],i}' /var/log/httpd/*access*log | sort -n | tail -25
 +</sxh>
 \\ \\
 Basic configuration: Basic configuration:
 <sxh bash> <sxh bash>
 To prevent xmlrpc attacks add the following to a .htaccess To prevent xmlrpc attacks add the following to a .htaccess
-<sxh bash> 
 <Files "xmlrpc.php"> <Files "xmlrpc.php">
 Order Allow,Deny Order Allow,Deny
Line 46: Line 50:
 **__Apache .htaccess:__** **__Apache .htaccess:__**
 <sxh bash> <sxh bash>
-<files xmlrpc.php="">+<Files "xmlrpc.php">
 Order Deny,Allow Order Deny,Allow
 Deny from all Deny from all
Line 56: Line 60:
 \\ \\
 **__Nginx__** **__Nginx__**
 +\\
 Deny all through nginx Deny all through nginx
 <sxh bash> <sxh bash>
Line 65: Line 70:
 </sxh> </sxh>
 \\ \\
 +\\
 +Allowing Wordpress IPs
 +<sxh bash>
 +         location = /xmlrpc.php {
 +            allow 192.0.64.0/18;
 +            deny all;
 +            access_log off; #to prevent from filling up the access log file
 +            error_log off; #to prevent from filling up the error log file
 +        }
 +</sxh>
 \\ \\
 == JetPack == == JetPack ==
Line 73: Line 88:
 Jet pack:  Jet pack: 
 https://wordpress.org/plugins/jetpack/ https://wordpress.org/plugins/jetpack/
 +\\
 \\ \\
 \\ \\
 === Wordfence === === Wordfence ===
 +##CURRENTLY INVESTIGATING ##
 +\\
 +I believe it costs around $5 a month 
 +\\
 This can also be used to block an attempted attack on XMLRPC This can also be used to block an attempted attack on XMLRPC
 \\ \\
wordpress_xmlrpc.1457082709.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki