Support » Plugin: BulletProof Security » xmlrpc hack attempt

  • Resolved flyfisher842

    (@flyfisher842)


    This showed up in one of my security logs today on an xmlrpc request. Is this what an injection would look like? And do I have to do something?

    [Large code excerpt removed by moderator per forum rules. Please use the pastebin for all large code excerpts. It works better anyway.]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author AITpro

    (@aitpro)

    @mods – wow this one is fun. Check out the CSS/HTML throughout this thread page. LOL

    Plugin Author AITpro

    (@aitpro)

    @flyfisher842 – I am waiting to see what the Mods do about the triplicate posts before answering. The CSS/HTML of this thread post is all whacked out by your content. Awesome! LOL

    Plugin Author AITpro

    (@aitpro)

    Ok looks like the Mods wiped everything. Was like a bad acid trip there for a second. ha ha ha. Post only the security log entry and use the WP editor “code” button to wrap your Security Log entry in code tags/backticks.

    @mods – thanks. 🙂

    Plugin Author AITpro

    (@aitpro)

    Hello,
    Is there anybody in there?
    Just nod if you can hear me.
    Is there anyone at home?

    Plugin Author AITpro

    (@aitpro)

    And yeah if you didn’t already guess the reference to the Pink Floyd Comfortably Numb song….

    Come on now
    I hear you’re feeling down
    Well, I can ease your pain
    And get you on your feet again

    Relax
    I’ll need some information first
    Just the basic facts
    Can you show me where it hurts?

    There is no pain, you are receding
    A distant ship smoke on the horizon
    You are only coming through in waves
    Your lips move but I can’t hear what you’re saying
    When I was a child I had a fever
    My hands felt just like two balloons
    Now I’ve got that feeling once again
    I can’t explain, you would not understand
    This is not how I am
    I have become comfortably numb

    I have become comfortably numb

    O.K.
    Just a little pin prick
    There’ll be no more aaaaaaaah!
    But you may feel a little sick

    Can you stand up?
    I do believe it’s working, good
    That’ll keep you going through the show
    Come on, it’s time to go.

    There is no pain you are receding
    A distant ship smoke on the horizon
    You are only coming through in waves
    Your lips move but I can’t hear what you’re saying
    When I was a child
    I caught a fleeting glimpse
    Out of the corner of my eye
    I turned to look but it was gone
    I cannot put my finger on it now
    The child is grown
    The dream is gone
    I have become comfortably numb.

    Thread Starter flyfisher842

    (@flyfisher842)

    [403 POST Request: October 19, 2015 - 1:41 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 46.20.12.30
    Host Name: host-46-20-12-30.ttnetdc.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /xmlrpc.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24

    Is this what you wanted? I can post the rest to the pastebin after I get signed up.

    Plugin Author AITpro

    (@aitpro)

    Yep that works. Looks like a typical blocked XML-RPC log entry. These old GET log entries are kind of boring now. Check out this new Bonus Custom Code and you will see some more interesting blocked attacks: http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/.

    With the new Security Log Limit POST Request Body Data option and this Bonus Custom Code in the link above you can literally capture entire hacker scripts if you are into that thing.
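
Added example, not part of the thread and not BulletProof Security's own code: a small triage script that parses entries in the field layout of the log entry posted above and groups blocked `/xmlrpc.php` requests by source address. The sample log is constructed (documentation-range addresses), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the field layout of the entry posted above.
# Addresses are documentation-range placeholders, not real log data.
SAMPLE_LOG = """
[403 POST Request: October 19, 2015 - 1:41 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 192.0.2.10
HTTP_CLIENT_IP:
REQUEST_METHOD: GET
REQUEST_URI: /xmlrpc.php
HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64)

[403 POST Request: October 19, 2015 - 1:42 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 192.0.2.10
REQUEST_METHOD: POST
REQUEST_URI: /xmlrpc.php

[403 POST Request: October 19, 2015 - 1:50 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 198.51.100.7
REQUEST_METHOD: POST
REQUEST_URI: /wp-login.php
"""

HEADER = re.compile(r"^\[(\d{3}) (\w+) Request: (.+)\]$")

def parse_entries(text):
    """Split a log into entries: one dict per bracketed header line."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"status": m.group(1), "logged_at": m.group(3)}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()  # empty fields stay ""
    return entries

def xmlrpc_by_ip(entries):
    """Group blocked /xmlrpc.php requests by source address."""
    seen = defaultdict(lambda: {"count": 0, "methods": set()})
    for e in entries:
        path = e.get("REQUEST_URI", "").split("?", 1)[0].lower()
        if path.endswith("/xmlrpc.php"):
            hit = seen[e.get("REMOTE_ADDR", "unknown")]
            hit["count"] += 1
            hit["methods"].add(e.get("REQUEST_METHOD", ""))
    return dict(seen)
```

Repeated hits from one address stand out in the grouped result, which is easier to review than scrolling individual entries.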

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    Thread Start Date: 10-18-2015 to 10-19-2015
    Thread Resolved/Current Date: 10-23-2015

  • The topic ‘xmlrpc hack attempt’ is closed to new replies.