Wordfence does not block XMLRPC attack
-
I have an ongoing attack on my site from to IP’s posting to xmlrpc.php, but I thought Wordfence should block these kind of attacks.
163.172.190.56 - - [04/Jan/2017:08:15:51 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 163.172.190.56 - - [04/Jan/2017:08:15:51 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 163.172.190.56 - - [04/Jan/2017:08:15:51 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 163.172.190.56 - - [04/Jan/2017:08:15:51 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 212.47.238.237 - - [04/Jan/2017:08:15:51 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 212.47.238.237 - - [04/Jan/2017:08:15:52 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 212.47.238.237 - - [04/Jan/2017:08:15:52 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 212.47.238.237 - - [04/Jan/2017:08:15:52 -0500] "POST /xmlrpc.php HTTP/1.0" 403 470 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
I have manually blocked these IPs in htaccess now so they get a 403 reply. When I got access to my site after blocking them, and checked the “live traffic” section in Wordfence, I see hundreds of these entries, but the IPs are not being blocked or throttled:
France France visited http://178.62.247.188/xmlrpc.php 1/4/2017 1:51:38 PM (26 minutes ago) IP: 163.172.190.56 [block] Hostname: 56-190-172-163.rev.cloud.scaleway.com Browser: IE version 7.0 Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)
The entries are shown as bots (grey).
The Wordfence options are set to block IPs after 20 unsuccessful attempts in 5 minutes, which is way below the rate of these attacks. They are coming in about twice per second from each IP.
Any help is appreciated!
- The topic ‘Wordfence does not block XMLRPC attack’ is closed to new replies.