As per the Sucuri Security Advisory:
Attackers are exploiting one of the hidden features of XML-RPC – using the system.multicall method to execute multiple Brute Force attempts inside a single post request. Instead of targeting wp-login.php directly, the user is circumventing the system by targeting methods within the very popular XML-RPC.
This attack is amplifying the Brute Force attempts in very high orders of magnitude, and disguising the attempts in a technique that makes it very difficult to identify and mitigate. By leveraging the system.multicall method within XML-RPC the attacker is able to hide 100’s / 1,000’s of passwords within a single HTTP / HTTPS request.
If you are a QuickHostUK Managed Hosting customer you are already being protected from this.
If you are not a QuickHostUK Managed Hosting customer, please ensure you have also taken the appropriate actions to secure your own site(s). You are advised to block XML-RPC via your .htaccess files or use a method to strip requests targeting the system.multicall method. Alternatively, we can handle this for you with our ad hoc management scheme, which for this occurrence would be £10 inc VAT per site.
Please contact us if you wish to utilise this service or if you have any questions.
Kind Regards,
QuickHostUK Limited
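
One way to implement the "strip requests targeting system.multicall" option in a filter placed in front of xmlrpc.php, as an added example (not QuickHostUK's or Sucuri's code). The function names, the size cap, the `demo.echo` method and the sample bodies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MAX_BODY_BYTES = 1_000_000  # assumed cap for this example


def _verdict(method, calls, block, reason):
    return {"method": method, "batched_calls": calls, "block": block, "reason": reason}


def inspect_xmlrpc(body: bytes) -> dict:
    """Classify one XML-RPC POST body; block anything using system.multicall."""
    if len(body) > MAX_BODY_BYTES:
        return _verdict(None, 0, True, "oversized body")
    # XML-RPC needs no DTD; refuse it so entity tricks never reach the parser.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return _verdict(None, 0, True, "DTD not allowed")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return _verdict(None, 0, True, "malformed XML")
    if root.tag != "methodCall":
        return _verdict(None, 0, True, "not a methodCall")
    method = (root.findtext("methodName") or "").strip()
    if method != "system.multicall":
        return _verdict(method, 0, False, "single call")
    # multicall takes one array parameter; each top-level <struct> is one batched call.
    calls = root.findall("./params/param/value/array/data/value/struct")
    return _verdict(method, len(calls), True, "system.multicall")


def sample_body(method: str, batched: int = 0) -> bytes:
    """Build a constructed request body (placeholder method and values only)."""
    if not batched:
        return f"<methodCall><methodName>{method}</methodName><params/></methodCall>".encode()
    call = (
        "<value><struct>"
        f"<member><name>methodName</name><value><string>{method}</string></value></member>"
        "<member><name>params</name><value><array><data>"
        "<value><string>placeholder</string></value>"
        "</data></array></value></member>"
        "</struct></value>"
    )
    return (
        "<methodCall><methodName>system.multicall</methodName>"
        "<params><param><value><array><data>" + call * batched +
        "</data></array></value></param></params></methodCall>"
    ).encode()
```

Logging `batched_calls` alongside the block decision lets rate limiting and alerting count one HTTP request as that many attempts rather than as a single hit.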