kme : xmlrpc   2

More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack | Sucuri Blog
See also: https://www.trustwave.com/Resources/SpiderLabs-Blog/WordPress-XML-RPC-PingBack-Vulnerability-Analysis/

Except those assholes don't give you copy-pasteable code. It's an image. These assholes let their CMS put smartquotes in the code, but at least it's a start.
add_filter( 'xmlrpc_methods', function( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
} );


Here's a POST that will check to see if the "patch" worked:
<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://127.0.0.1</string></value></param>
    <param><value><string></string></value></param>
  </params>
</methodCall>
wordpress  security  webmaster  ddos  xmlrpc  pingback 
march 2015 by kme
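
Added example, not part of the bookmark note or the linked posts: a way to read the reply to the check POST above, so the result is a clear "disabled" or "enabled" rather than a raw XML body. The function names and sample replies are constructed for illustration; it assumes the server answers an unregistered method with the standard XML-RPC "method not found" fault code, -32601.

```python
import urllib.error
import urllib.request
import xmlrpc.client

METHOD_NOT_FOUND = -32601  # XML-RPC fault code for an unregistered method

def build_probe(source="http://127.0.0.1", target=""):
    """Same call as the POST in the note: pingback.ping(source, target)."""
    return xmlrpc.client.dumps((source, target), methodname="pingback.ping")

def classify(response_body):
    """Return 'disabled', 'enabled' or 'unknown' for an xmlrpc.php reply."""
    try:
        xmlrpc.client.loads(response_body)
    except xmlrpc.client.Fault as fault:
        # Any fault other than "method not found" means the handler still ran.
        return "disabled" if fault.faultCode == METHOD_NOT_FOUND else "enabled"
    except Exception:
        # Not XML-RPC at all (error page, xmlrpc.php blocked outright).
        return "unknown"
    return "enabled"

def check_site(xmlrpc_url):
    """POST the probe to your own site's xmlrpc.php (hypothetical helper)."""
    req = urllib.request.Request(xmlrpc_url, data=build_probe().encode(),
                                 headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError:
        return "unknown"

def _fault(code, text):
    """Build a constructed XML-RPC fault reply for the offline samples."""
    return ("<?xml version='1.0'?><methodResponse><fault><value><struct>"
            "<member><name>faultCode</name><value><int>%d</int></value></member>"
            "<member><name>faultString</name><value><string>%s</string></value>"
            "</member></struct></value></fault></methodResponse>" % (code, text))

# Constructed sample replies (not captured from a real site).
SAMPLE_REMOVED = _fault(-32601, "requested method pingback.ping does not exist.")
SAMPLE_STILL_ON = _fault(0, "")
SAMPLE_BLOCKED = "Forbidden"

if __name__ == "__main__":
    for name in ("SAMPLE_REMOVED", "SAMPLE_STILL_ON", "SAMPLE_BLOCKED"):
        print(name, "->", classify(globals()[name]))
```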
