Another wave of wordpress attacks

[wlanboy]

Got some email notifications for login failures on some wordpress blogs I host.


103320 lockouts.
1180 IP are currently blocked from trying to log in.

What the heck?

Looks like they are using the xml-rpc interface (so password secured wp-admin does not help).

Clever trick because xml-rpc is activated by default in the latest wordpress version and there is no gui button to deactivate it (there is a plugin for that).

 

[Francisco]

They're doing ping-back ddos attacks.

It's really really really nasty.

Francisco

 

[wlanboy]

Can't believe that there are still so many vulnerable wordpress instances left.

 

[drmike]

Wordpress = SAD.

Popularity contest software nearly always ends in such mass horror.

 

[wlanboy]

Wordpress = SAD.

None of the blogs I host did ever do anything bad.

No zombies, no ping-backs, no proxies.

You just have to know how to handle it.

 

[drmike]

No doubt, you keep on things.   Plenty of updates, constant hacks against WP.  Plugins that are very questionable.  Plus everyone using it = inevitable mass issues.

 

[wlanboy]

Looks like one of the control instances is 24.157.251.209 (AS5769).

Guess who is currently on "maintenance"?

 

[eva2000]

Clever trick because xml-rpc is activated by default in the latest wordpress version and there is no gui button to deactivate it (there is a plugin for that).

thanks for heads up on that simple plugin

 

[wlanboy]

thanks for heads up on that simple plugin

It is a time saver.

Better than changing all functions.php files on all themes (after each update).