Mute Screamer
Tons of XMLRPC Alerts (4 posts)

  1. secgrrl
    Member
    Posted 2 years ago #

    Just installed Mute Screamer yesterday. Previously, I had PHPIDS running directly but thought I'd try this plugin since it looks like things would be so much easier to manage.

    Well as soon as I installed and configured it, I started receiving tons of XMLRPC alerts that seem to be caused by JetPack. The alerts all look something like the following:

    Name: REQUEST.<?xml_version

    Value Column (I swapped in some random values for things that might be sensitive - in brackets):

    "1.0"?> <methodCall> <methodName>jetpack.getPosts</methodName> <params> <param><value><array><data> <value><array><data> <value><int>8155</int></value> </data></array></value> </data></array></value></param> </params></methodCall> /xmlrpc.php?for=jetpack&token=[arandomvaluelookingthinghere]&timestamp=[sometimestampwashere]&nonce=[somerandomnonce]&body-hash=[thebodyhash]&signature=[andthesig]

    Tags: xss, csrf, id, rfe, lfi

    Impact: 8

    I also get tons of similar alerts via POST requests as well. I tried turning off wp-admin alerts and that didn't seem to help.

    I know I could probably just add exceptions for "REQUEST.<?xml_version" and "POST.<?xml_version" but was concerned because I never received these types of alerts in my old PHPIDS direct install.

    Any thoughts or opinions on how to address this?

    http://wordpress.org/extend/plugins/mute-screamer/

  2. ampt
    Member
    Plugin Author

    Posted 2 years ago #

    Not sure what is happening here, I'm running XMLRPC and JetPack on one of my sites and haven't had any alerts like you describe. I've noticed there is a new version of JetPack available so I will test that out and get back to you.

    Which version of WordPress and JetPack are you running?

  3. ampt
    Member
    Plugin Author

    Posted 1 year ago #

    Ok so I'm getting the same problem when I'm using the WordPress iOS app, when it makes requests via xmlrpc.php.

  4. ampt
    Member
    Plugin Author

    Posted 1 year ago #

    Ok so I'm getting the same problem when I'm using the WordPress iOS app, when it makes requests via xmlrpc.php. Will look into this. Sorry about the double post, connection dropped out.

Topic Closed

This topic has been closed to new replies.
