Just installed Mute Screamer yesterday. Previously, I had PHPIDS running directly but thought I'd try this plugin since it looks like things would be so much easier to manage.
Well as soon as I installed and configured it, I started receiving tons of XMLRPC alerts that seem to be caused by JetPack. The alerts all look something like the following:
Value Column (I swapped in some random values for things that might be sensitive - in brackets):
"1.0"?> <methodCall> <methodName>jetpack.getPosts</methodName> <params> <param><value><array><data> <value><array><data> <value><int>8155</int></value> </data></array></value> </data></array></value></param> </params></methodCall> /xmlrpc.php?for=jetpack&token=[arandomvaluelookingthinghere]×tamp=[sometimestampwashere]&nonce=[somerandomnonce]&body-hash=[thebodyhash]&signature=[andthesig]
Tags: xss, csrf, id, rfe, lfi
I also get tons of similar alerts via POST requests as well. I tried turning off wp-admin alerts and that didn't seem to help.
I know Icould probably just add exceptions for "REQUEST.<?xml_version" and "POST.<?xml_version" but was concerned because I never received these types of alerts in my old PHPIDS direct install.
Any thoughts or opinions on how to address this?