hope, I’m in the right sub-forum. I have searched the site and also the internet without success – hope, I will got a hint here.
I’m running WordPress 3.5.1 with default theme “WordPress Default”
A few days ago I installed a plug-in Snitch, written from Sergej Müller. Snitch records outgoing links and is also able to block unwanted links.
Now I find a lot blocked communication entries from core module
/wp-includes/class-wp-xmlrpc-server.php (line 5383)
see image here
to URLs like luisvouittonbags.com, driverregistration.com, yoursexdrive.com and so on. All thouse URLs are not from my blog.
First my impression was, that the blog may be hacked – but I checked my blog and also the themes with different plug-ins and externals tools – without any result.
I’ve deactivated all plug-ins, to isolation the source of my problem – but the entries are still recorded.
Then I have reinstallaed WordPress 3.5.1 twice, to be sure, that the php code is intact. I also inspected class-wp-amlrpc-serve.php without success.
Now I’m out of ideas what goes on. Therefore some questions:
– any idea what the intention of the outgoing links mentioned above?
My impression: could it be, that WP installations will be misused as a spam link seeder?
– is it possible, that XMLRPC interface is called from the web?
– what can I do to catch the cause of this issue?