XMLRPC attack

Tse, tse, tse… 100 attempts in the last two hours. Disabled xmlrpc.php for the moment, should be better until the first rush is over. One friends blog are already attacked, luckily their didn’t damaged too much. Was my fault, didn’t updated the version 😦

Tagged ,

6 thoughts on “XMLRPC attack

  1. Guillermo says:

    I just upgraded to WP 2.8.4 today… I had 2.8.1 before… I can I make sure mine wasn’t attacked?

  2. Joseph Scott says:

    The current worm going around is using a hole in older versions of WordPress, but the hole is not in xmlrpc.php. After gaining access to the blog it uses a call to xmlrpc.php to inject a new admin user. Disabling, renaming or deleting xmlrpc.php doesn’t address the issue. The best policy is to upgrade.

  3. alex.rabe says:

    Yes you are right, I dig deeper in to the hacked blog and reviewed again the apache.log, they only use XMLRPC AFTER they registered already the new user. The base64encoded script via XMLRPC looks so evil, that I thought they did it direct via this API

  4. Michael says:

    Hi Alex,

    Just finished upgrading an artist friend of mine to the latest WP 2.8.4 and it seems NextGEN Gallery doesn’t seem to enlarge pics anymore.

    This was my first time looking at the NextGEN plugin, so I am not sure what is going on. The AJAX just says “Loading” seemingly forever.

    He has really been enjoying the plugin, but I’m just stuck as to what is going on so far.

    If you could let me know what could be going wrong, it would be much appreciated.

    Here’s his gallery:

    Once you enter any gallery and attempt to enlarge a specific pic, it just doesn’t seem to work anymore.


  5. Paul Kirtley says:

    I installed the NetGEN Gallery on my WordPress weblog, but I don’t see it. Can you tell me what I did wrong?


    Go to: http://www.missionuganda.info

  6. alex.rabe says:

    Paul & Michael -> Support request please in the forums. Thanks !

Comments are closed.

%d bloggers like this: