QuickhostUK – WordPress – Brute Force Amplification Attacks Against XMLRPC


As per the Sucuri Security Advisory:


Attackers are exploiting one of the hidden features of XML-RPC: the system.multicall method, which lets them execute multiple brute force attempts inside a single POST request. Instead of targeting wp-login.php directly, the attacker circumvents the login page by targeting methods within the very popular XML-RPC interface.

This attack amplifies brute force attempts by orders of magnitude and disguises them in a way that makes them very difficult to identify and mitigate. By leveraging the system.multicall method within XML-RPC, the attacker is able to hide hundreds or thousands of password guesses within a single HTTP or HTTPS request.

If you are a QuickHostUK Managed Hosting customer you are already being protected from this.

If you are not a QuickHostUK Managed Hosting customer, please ensure you have also taken the appropriate actions to secure your own site(s). You are advised to block XML-RPC via your .htaccess files, or to use a method that strips requests targeting the system.multicall method. Alternatively, we can handle this for you under our ad hoc management scheme, which for this occurrence would be £10 inc VAT per site.
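The "strip requests targeting system.multicall" option above can be made more selective than dropping every multicall. The following is an added example, not QuickHostUK's or Sucuri's code: it parses an XML-RPC request body, counts the credentialed calls nested inside system.multicall, and flags the request only when more than one distinct username/password pair appears in a single request, which is the amplification pattern described in the notice. The method list and parameter positions are assumptions taken from the WordPress XML-RPC method signatures, and all request bodies are constructed samples.

```python
"""Detect XML-RPC system.multicall password-guessing amplification.

Added example for this notice (not QuickHostUK's or Sucuri's code). The method
table and the sample request bodies are assumptions / constructed data.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Methods that authenticate with (username, password) parameters, mapped to the
# index of the username parameter (the password follows it). Assumption: a
# representative subset of WordPress methods, not an exhaustive list.
CREDENTIAL_METHODS = {
    "wp.getUsersBlogs": 0,   # (username, password)
    "wp.getPosts": 1,        # (blog_id, username, password, ...)
    "wp.getCategories": 1,   # (blog_id, username, password)
    "wp.getProfile": 1,      # (blog_id, username, password)
}


def _scalar(value_el):
    """Return the text of an XML-RPC <value>, typed (<string>, <int>) or bare."""
    if value_el is None:
        return ""
    child = next(iter(value_el), None)
    text = child.text if child is not None else value_el.text
    return (text or "").strip()


def _members(struct_el):
    """Map member names of an XML-RPC <struct> to their <value> elements."""
    return {m.findtext("name"): m.find("value") for m in struct_el.findall("member")}


def analyse_xmlrpc_body(body):
    """Summarise one XML-RPC request: method, nested calls, credential guesses."""
    result = {"method": None, "nested_calls": 0, "credentialed_calls": 0,
              "distinct_credentials": 0, "amplified": False, "error": None}
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        result["error"] = "malformed XML: %s" % exc   # fail closed on garbage
        return result
    if root.tag != "methodCall":
        result["error"] = "not an XML-RPC methodCall"
        return result
    result["method"] = (root.findtext("methodName") or "").strip()
    if result["method"] != "system.multicall":
        # A single credentialed call is one guess: ordinary, not amplified.
        result["credentialed_calls"] = int(result["method"] in CREDENTIAL_METHODS)
        return result
    seen = set()
    for struct in root.findall("./params/param/value/array/data/value/struct"):
        members = _members(struct)
        inner = _scalar(members.get("methodName"))
        result["nested_calls"] += 1
        if inner not in CREDENTIAL_METHODS:
            continue
        params_el = members.get("params")
        args = params_el.findall("./array/data/value") if params_el is not None else []
        idx = CREDENTIAL_METHODS[inner]
        if len(args) > idx + 1:
            result["credentialed_calls"] += 1
            seen.add((_scalar(args[idx]), _scalar(args[idx + 1])))
    result["distinct_credentials"] = len(seen)
    # Several distinct credential pairs in one request is the amplification
    # pattern; a legitimate client batching calls repeats a single credential.
    result["amplified"] = len(seen) > 1
    return result


def build_multicall_body(method, credential_list):
    """Construct a system.multicall body wrapping one credentialed call per pair.
    Only for producing sample input (constructed data); assumes the method takes
    (username, password) as its first two parameters."""
    calls = []
    for user, password in credential_list:
        calls.append(
            "<value><struct>"
            "<member><name>methodName</name><value><string>%s</string></value></member>"
            "<member><name>params</name><value><array><data>"
            "<value><string>%s</string></value><value><string>%s</string></value>"
            "</data></array></value></member></struct></value>"
            % (escape(method), escape(user), escape(password)))
    return ('<?xml version="1.0"?><methodCall><methodName>system.multicall</methodName>'
            "<params><param><value><array><data>%s</data></array></value></param></params>"
            "</methodCall>" % "".join(calls))


# Constructed samples: an amplified request trying three passwords for one
# account, a benign batch repeating one credential, and a plain single call.
SAMPLE_AMPLIFIED = build_multicall_body(
    "wp.getUsersBlogs", [("admin", "guess-%d" % i) for i in range(1, 4)])
SAMPLE_BENIGN_BATCH = build_multicall_body(
    "wp.getUsersBlogs", [("editor", "same-secret")] * 2)
SAMPLE_SINGLE = ('<?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName>'
                 "<params><param><value><string>editor</string></value></param>"
                 "<param><value><string>same-secret</string></value></param></params>"
                 "</methodCall>")


def should_block(body):
    """Policy hook: block only multicalls carrying several credential pairs."""
    return analyse_xmlrpc_body(body)["amplified"]


if __name__ == "__main__":
    for label, body in (("amplified", SAMPLE_AMPLIFIED), ("benign batch", SAMPLE_BENIGN_BATCH),
                        ("single call", SAMPLE_SINGLE), ("malformed", "<methodCall>")):
        print(label, analyse_xmlrpc_body(body), "block" if should_block(body) else "allow")
```

The per-request view is what a web server log cannot give you: each amplified request is one POST to xmlrpc.php with a 200 response, so counting requests per IP undercounts the guesses by the multicall size. Blocking all of system.multicall, or XML-RPC entirely via .htaccess as the notice advises, remains the simpler choice when no client on the site needs the interface.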

Please contact us if you wish to utilise this service or if you have any questions.

Kind Regards,

QuickHostUK Limited
