WordPress xmlrpc is efficient.





So, let's say you want to block rampant password guessers.
You install the venerable WP Fail2ban:
https://wordpress.org/plugins/wp-fail2ban/
The only problem is, they can pretty much post rapid fire to xmlrpc.php.
Jan 18 12:18:15 server wordpress(website.com)[29805]: Authentication failure for username from ba.d.guy.ip
Jan 18 12:18:15 server wordpress(website.com)[29805]: Authentication failure for username from ba.d.guy.ip
Jan 18 12:18:15 server wordpress(website.com)[29805]: Authentication failure for username from ba.d.guy.ip
Jan 18 12:18:15 server wordpress(website.com)[29805]: Authentication failure for username from ba.d.guy.ip
...
Same thing repeated 200 times per second....

With the only entry in the Apache log being:
website.com_access_log:ba.d.guy.ip - - [18/Jan/2016:12:17:41 -0600] "POST /xmlrpc.php HTTP/1.0" 200 401 "-" "-"

So, it looks like you need multiple layers (Wordfence and WP Fail2ban) to protect this thing.
Quite an interesting industry sprouting up around this bit of code (WordPress).
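
To spot this pattern in your own logs, the script below (an added example, not from the original post) counts WP Fail2ban authentication failures per client per second and sets them beside that client's POSTs to xmlrpc.php in the Apache log. The function name, the threshold and the sample IPs are assumptions; the line formats follow the excerpts above.

```python
import re
from collections import Counter

# Line formats copied from the log excerpts above; the IPs and counts below are constructed.
AUTH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ wordpress\([^)]+\)\[\d+\]: "
    r"Authentication failure for .* from (\S+)$")
# Optional "file:" prefix as left by grep across several access logs (IPv4 clients assumed).
POST_RE = re.compile(r'^(?:[^\s:]+:)?(\S+) \S+ \S+ \[[^\]]+\] "POST /xmlrpc\.php ')

def burst_report(auth_lines, access_lines, per_second_limit=20):
    """Return {ip: (peak failures in one second, total failures, xmlrpc POSTs)}
    for every client whose peak exceeds per_second_limit (an assumed threshold)."""
    per_second = Counter()   # (ip, timestamp) -> failures logged in that second
    totals = Counter()       # ip -> failures overall
    posts = Counter()        # ip -> POST /xmlrpc.php requests in the access log
    for line in auth_lines:
        m = AUTH_RE.match(line.rstrip("\n"))
        if m:
            stamp, ip = m.groups()
            per_second[(ip, stamp)] += 1
            totals[ip] += 1
    for line in access_lines:
        m = POST_RE.match(line)
        if m:
            posts[m.group(1)] += 1
    peaks = Counter()
    for (ip, _), n in per_second.items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: (peak, totals[ip], posts[ip])
            for ip, peak in peaks.items() if peak > per_second_limit}

# Constructed sample: one client logs 200 failures in a second behind one POST,
# another mistypes a password twice on the login form.
SYSLOG = (["Jan 18 12:18:15 server wordpress(website.com)[29805]: "
           "Authentication failure for admin from 203.0.113.7"] * 200
          + ["Jan 18 12:19:02 server wordpress(website.com)[29811]: "
             "Authentication failure for editor from 198.51.100.4"] * 2)
ACCESS = ['website.com_access_log:203.0.113.7 - - [18/Jan/2016:12:17:41 -0600] '
          '"POST /xmlrpc.php HTTP/1.0" 200 401 "-" "-"',
          '198.51.100.4 - - [18/Jan/2016:12:19:02 -0600] '
          '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"']

if __name__ == "__main__":
    for ip, (peak, total, n_posts) in burst_report(SYSLOG, ACCESS).items():
        print(f"{ip}: peak {peak}/s, {total} failures, {n_posts} xmlrpc.php POST(s)")
```

A client with hundreds of failures but only a handful of xmlrpc.php requests is exactly the case a request-rate limit on the access log will not catch, so the syslog side is the one to alert on.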


