I run a service like http://weblogs.com etc. but only for registered users. The site can pinged using XML-RPC. In order to sign up, you must have a blog written in Danish.
I have recently noticed an excessive number of pings about blogs not belonging to registered users. I used to think that these came from spammers, but I found out that the URL to the XML-RPC service was posted many places on the web in lists like this one: http://elliottback.com/wp/archives/2004/11/21/a-list-of-rpc-and-rpc2-to-ping/
The authors of these lists usually encourage users to add all the sites in the list to their blogging software.
I don’t know why my service was added in the first place, because it only applies to a very limited audience (because of the language and registration requirements). But somehow it was and then the list got spread around the world.
When people try to ping me with a blog that hasn’t been registered in advance, I respond with an XML-RPC error message as described on <http://www.xmlrpc.com/spec#faults>. Under certain circumstances I even return a 403 Unauthorized HTTP status code (I hoped that this would scare away some of the unwanted hits).
It appears that WordPress does not alert the user about either of these error conditions. This allows users to keep pinging me without ever knowing that their pings are not wanted, even though I try to tell them that they shouldn’t ping me. This also prevents legitimate users from getting debug info, if for some reason I reject their pings (e.g. because they made a type in the URL when they signed up for Blogbot).
So I suggest that WordPress is extended to show these error messages if a ping fails.
- The topic ‘Error messages from XML-RPC calls’ is closed to new replies.