xmlrpc.php being exploited
Wondering what was causing a huge bandwidth jump on my site, my host has determined that WordPress xmlrpc.php is being exploited. As a result, they have shut down access off site so I can’t use tools like posting from Flickr and using w.bloggar. Here are the recent forum posts about the problem:
“It looks like the additional bandwidth usage is coming from an exploited part of the WordPress script you are running… looking through the logs it seems as though they are constantly linking in at your URLs in the following way: /lucas/index.php?disp=stats
I noticed in Fantastico that you are running an outdated version, so you may want to try upgrading to see if that cures the problem.
If that fails then there are other things we can try, but let’s start off with the obvious and go from there.”
“Asking at WordPress elicited a suggestion to install Bad Behavior https://www.ioerror.us/software/bad-behavior/ which I have done. Has that stemmed the tide enough to allow server access to xmlrpc.php files again?”
“Unfortunately it wouldn’t. From what I can tell, all Bad Behavior does is filter out known WordPress spam bots. The xmlrpc problem was they were exploiting an unsafe PHP script to upload illegal content to the server.”
I hope there is a simple answer because this is seriously affecting my enjoyment of my multiple WordPress installations.
- The topic ‘xmlrpc.php being exploited’ is closed to new replies.