# Another wave of wordpress attacks



## wlanboy (Sep 18, 2013)

Got some email notifications for login failures on some wordpress blogs I host.


103320 lockouts.
1180 IP are currently blocked from trying to log in.

What the heck?

Looks like they are using the xml-rpc interface (so password secured wp-admin does not help).

Clever trick because xml-rpc is activated by default in the latest wordpress version and there is no gui button to deactivate it (there is a plugin for that).


----------



## Francisco (Sep 18, 2013)

They're doing ping-back ddos attacks.

It's really really really nasty.

Francisco


----------



## wlanboy (Sep 18, 2013)

Can't believe that there are still so many vulnerable wordpress instances left.


----------



## drmike (Sep 18, 2013)

Wordpress = SAD.

Popularity contest software nearly always ends in such mass horror.


----------



## wlanboy (Sep 18, 2013)

buffalooed said:


> Wordpress = SAD.


None of the blogs I host did ever do anything bad.

No zombies, no ping-backs, no proxies.

You just have to know how to handle it.


----------



## drmike (Sep 18, 2013)

No doubt, you keep on things.   Plenty of updates, constant hacks against WP.  Plugins that are very questionable.  Plus everyone using it = inevitable mass issues.


----------



## wlanboy (Sep 18, 2013)

Looks like one of the control instances is 24.157.251.209 (AS5769).

Guess who is currently on "maintenance"?


----------



## eva2000 (Sep 18, 2013)

wlanboy said:


> Clever trick because xml-rpc is activated by default in the latest wordpress version and there is no gui button to deactivate it (there is a plugin for that).


thanks for heads up on that simple plugin


----------



## wlanboy (Sep 18, 2013)

eva2000 said:


> thanks for heads up on that simple plugin


It is a time saver.

Better than changing all functions.php files on all themes (after each update).


----------

