Warning: XMLRPC WordPress Exploit DDOS

WordPress Insecure Default Option = Very Large Botnet of DDOS/Infections. More Than 162,000 affected so far.

For those unaware, there’s appears to be a XMLRPC exploit going around at the moment, which uses the WordPress ‘Post PingBack’ feature to bounce calls from site to site, in turn if your site isn’t protected it could be possibly used to in DDOSing other sites.

DDOS = Denial-of-service attack, meant to full up and overload requests to your server, until real traffic ends up getting blocked or the server crashes.

iThemes Security offers blocking of XMLRPC, which I highly recommend using for at least the Pingback block, if not completely.

The exploit uses ‘libwww-perl’ User Agent, so if you don’t use that it could also be blocked. Note, this plugin use to have that on the default block list, but appears it doesn’t anymore by default?

Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites. Note that XMLRPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features. So you might be using it for a good purpose.

Check your log files for repeats of (possibly every 15 seconds):
“GET /xmlrpc.php HTTP/1.1” “libwww-perl/6.05”

If someone else is affected and bombing your site, attempting to infect and/or DDOS you! I’m personally unaffected, but getting annoyed by the block logs, so advice people to check their own sites and perhaps enable a little more security options with this great plugin (XMLRPC and/or libwww-perl disabled or limited).

You can also check your website against some already known:
http://labs.sucuri.net/?is-my-wordpress-ddosing

https://wordpress.org/plugins/better-wp-security/