Arcade Webmasters Forum ( TalkArcades )
xmlrpc.php being abused? Try this :) - Printable Version

+- Arcade Webmasters Forum ( TalkArcades ) (https://arcadesters.com)
+-- Forum: Game Portal Discussion (https://arcadesters.com/forum-10.html)
+--- Forum: General Discussion (https://arcadesters.com/forum-61.html)
+--- Thread: xmlrpc.php being abused? Try this :) (/thread-171.html)



xmlrpc.php being abused? Try this :) - antz - 11-05-2018

Hello,
So recently a "script kiddie" tried to exploit one of my websites running on wordpress / myarcadeplugin by uploading a exploited .js file to which I removed and redirected them via .htaccess to an external MP3 of "You are an idiot", that might of triggered them. Since after that they brute forced the file xmlrpc.php dispite me having the plugins to have it disabled but to be honest xmlrpc.php isn't really a big required file, so what I did next is pretty epic. the plugin used to stop bad enquries https://en-gb.wordpress.org/plugins/block-bad-queries/

The exploit:
[Image: index.png]

The brute force attacks towards xmlrpc.php
[Image: Screenshot_73.png]

My Response:
[Image: Screenshot_74.png]

Sure enough after I did this, my load on my hosting dropped and I was free to do as I please again.

Thanks script kiddies.

https://www.youtube.com/watch?v=Um_ZEFwlWV4




Thanks & have an epic day,
Antz


RE: xmlrpc.php being abused? Try this :) - classroom6x - 19-10-2023

wordpress was always being full of exploits, its better to use some custom cms..