xmlrpc.php attacks

21/10/2018

I received a heads up this morning from a friendly Twitter user (@adrianhungate) that my site was down, and they were generously offering help to restore it.

Rebooting the Ubuntu VPS brought it back on-line; but why did it occur?

My Duck Duck Fu turned up this useful, if a little dated, gem: Error establishing a database connection (WordPress)

grep xmlrpc /var/log/apache2/access.log
This showed evidence of several brute-force amplification attacks, which apparently exploit the XML-RPC functionality in WordPress, more details here: Sucuri.net
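
The grep above also matches GET requests and any URL that merely contains the string xmlrpc. As an added example (not part of the original post), this script counts only POST requests to /xmlrpc.php per client IP; it assumes Apache's combined log format, and the function names and sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count POST requests to /xmlrpc.php per client IP.
# Assumes Apache "combined" log format, where whitespace-split fields are:
#   $1 client IP, $6 "METHOD (with leading quote), $7 path, $10 response bytes
# Counts are requests, not password guesses: with amplification a single
# POST can carry many login attempts, and the access log does not show the body.

# xmlrpc_summary [LOGFILE|-] [MIN_POSTS]
# Prints "posts ip total_bytes", busiest client first.
xmlrpc_summary() {
    awk -v min="${2:-1}" '
        # Only POSTs to the endpoint itself, not GETs or URLs that merely
        # contain the string "xmlrpc" (which a plain grep also matches).
        $6 == "\"POST" && ($7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1) {
            posts[$1]++
            bytes[$1] += $10 + 0
        }
        END {
            for (ip in posts)
                if (posts[ip] >= min)
                    printf "%d %s %d\n", posts[ip], ip, bytes[ip]
        }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [21/Oct/2018:03:12:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Oct/2018:03:12:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Oct/2018:03:12:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Oct/2018:03:12:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"
198.51.100.23 - - [21/Oct/2018:03:12:05 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
192.0.2.50 - - [21/Oct/2018:03:12:06 +0000] "GET /?s=xmlrpc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Oct/2018:03:12:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"
EOF
}

# Demo: clients with at least 2 POSTs in the constructed sample.
sample_log | xmlrpc_summary - 2
```

Against the real log, source this and run `xmlrpc_summary /var/log/apache2/access.log 20` to list only clients with 20 or more POSTs.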

Small risk of anyone brute forcing access, I’ve a 100 character password, but this is a ball ache if it keeps happening regularly… awesome that there’s a bit of code to mitigate this eh 🙂
sudo a2enconf block-xmlrpc
sudo service apache2 restart

So blog back up, thanks to @adrianhungate for the heads up, all good for now 🙂