Recently, our global honeypots have recorded thousands of attacks that scan for WordPress XML-RPC and send requests to it. XML-RPC is a simple, portable way to make remote procedure calls over HTTP. WordPress, Drupal and many other content management systems (CMS) support XML-RPC. However, XML-RPC may lead to serious security issues.
To use a brute force attack (https://en.wikipedia.org/wiki/Brute-force_attack) to obtain the admin password, instead of going against wp-login.php or making a single attempt per request against xmlrpc, attackers can leverage the system.multicall method to attempt to guess hundreds of passwords within just one HTTP request.
The two main ways to identify XML-RPC attacks are as follows:
1) Seeing the “Error connecting to database” message when WordPress sites are down
2) Finding many entries similar to "POST /xmlrpc.php HTTP/1.0" in the logs of web servers
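The second indicator can be checked automatically. The following is an added example, not code from the original post: it counts POST requests to /xmlrpc.php per client in an access log. It assumes the Apache/nginx combined log format; the sample lines, the IP addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 674 "-" "-"
203.0.113.7 - - [01/Jan/2000:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.0" 200 674 "-" "-"
198.51.100.20 - - [01/Jan/2000:10:01:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [01/Jan/2000:10:01:04 +0000] "POST /xmlrpc.php HTTP/1.0" 200 674 "-" "-"
198.51.100.20 - - [01/Jan/2000:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
192.0.2.5 - - [01/Jan/2000:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
this line is truncated or malformed
203.0.113.7 - - [01/Jan/2000:10:01:07 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.0" 200 674 "-" "-"
"""

# client IP, ident, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def xmlrpc_posts_by_client(log_text):
    """Return a Counter of POST requests to xmlrpc.php keyed by client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match is None:
            continue  # skip lines that are not in the expected format
        path = match.group("path").split("?", 1)[0]  # ignore the query string
        if match.group("method") == "POST" and path.endswith("/xmlrpc.php"):
            counts[match.group("ip")] += 1
    return counts


def suspicious_clients(log_text, threshold=3):
    """Return the sorted client IPs with at least `threshold` xmlrpc.php POSTs."""
    counts = xmlrpc_posts_by_client(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip in suspicious_clients(SAMPLE_LOG):
        print(ip, xmlrpc_posts_by_client(SAMPLE_LOG)[ip])
```

Because system.multicall packs hundreds of guesses into one HTTP request, the request count understates the number of password attempts, so keep the threshold low.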
As you see, this issue may lead to a compromised backend or Denial of Service. To mitigate the issue, you could block XML-RPC. If you can't, for compatibility reasons, you could mitigate the issue by blocking system.multicall requests.
CMSs like WordPress are widely deployed, and that's why many cyber attackers are targeting these kinds of systems.
Also, it's worth mentioning that a group of security experts from CloudCoffer (http://www.cloudcoffer.com/), which is our global research partner, has offered the right solution to help users prevent all kinds of known and unknown attacks, including brute force and the OWASP Top 10.
Please feel free to leave us a message at support@rayaegis.com.