XML-RPC is a remote procedure call protocol that relies on Extensible Markup Language (XML) for call encoding and on HTTP for transport.
Daniel Cid, CTO at Sucuri, a company that offers services for preserving the integrity of a website, says that this type of attack has increased lately because using XML-RPC works faster and the attempts are more difficult to detect.
He says that this sort of abuse is possible “because many calls in the WordPress XMLRPC implementation required a username and password.” When a caller simply provides a pair of credentials, the reply indicates whether or not the combination allows access to the administration panel of the website.
Starting July 4, Sucuri has seen that attacks leveraging these parameters have become more frequent. The numbers are impressive, with a ten-fold increase since the beginning of the month: two million attempts originating from 17,000 different IP addresses.
Cid reports 200,000 attempts on some days.
Daniel Cid mentions other forms of protection, such as WordPress plugins, but it seems that during his tests none of those he tried managed to offer protection against XML-RPC calls.
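The credential-guessing pattern described above can be looked for in web server access logs. The following is an added example, not code from the article or from Sucuri: it counts POST requests to WordPress's `xmlrpc.php` endpoint per source IP in a sliding window. The log lines, the threshold and the window size are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the start of an Apache/nginx "combined" access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
)

def sample_log():
    """Constructed sample lines (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [10/Jan/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" 200 403 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=s, req="POST /xmlrpc.php")
             for s in range(0, 12, 2)]                 # 6 POSTs in 10 seconds
    lines += [fmt.format(ip="198.51.100.20", s=s, req="POST /xmlrpc.php")
              for s in (5, 50)]                        # 2 POSTs, below threshold
    lines.append(fmt.format(ip="192.0.2.9", s=30, req="GET /index.php"))
    lines.append(fmt.format(ip="192.0.2.9", s=31, req="POST /wp-login.php"))
    return lines

def xmlrpc_posts(lines):
    """Yield (ip, timestamp) for every POST to the XML-RPC endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]              # ignore any query string
        if path.endswith("/xmlrpc.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak POST count inside any window} for IPs reaching threshold."""
    recent = defaultdict(deque)                        # per-IP timestamps in window
    peak = defaultdict(int)
    for ip, ts in sorted(xmlrpc_posts(lines), key=lambda e: e[1]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:                      # drop entries older than window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def distinct_sources(lines):
    """Number of different IPs that sent any XML-RPC POST."""
    return len({ip for ip, _ in xmlrpc_posts(lines)})

if __name__ == "__main__":
    print(find_bursts(sample_log()), distinct_sources(sample_log()))
```

Because the attempts reported here came from 17,000 different IP addresses, a per-IP threshold alone can miss sources that each send only a few requests, so the count of distinct sources is worth tracking alongside it.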