PFSense - Suricata - Alerts - ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response

XML-RPC is a feature of WordPress that enables data to be transmitted, with HTTP acting as the transport mechanism and XML as the encoding mechanism.

WordPress is not a self-contained system and occasionally needs to communicate with other systems; XML-RPC was designed to handle that job.

The biggest issues with XML-RPC are the security concerns that arise. The issues aren’t with XML-RPC directly, but with how the xmlrpc.php file can be used to enable a brute force attack on your site.

The two main weaknesses of XML-RPC are:

  1. Using brute force attacks to gain entry to your site.
    • An attacker will try to access your site using xmlrpc.php by using various username and password combinations.
    • They can effectively use a single command to test hundreds of different passwords.
    • This allows them to bypass security tools that typically detect and block brute force attacks.
  2. Taking sites offline through a DDoS attack.
    • Hackers use the pingback feature in WordPress to send pingbacks to thousands of sites instantaneously.
    • This feature in xmlrpc.php gives hackers a nearly endless supply of IP addresses to distribute a DDoS attack over.
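
For triaging this alert, here is an added example (not part of the original page) that reads Suricata EVE JSON lines and groups hits on this signature by remote client. It assumes EVE JSON output is enabled and that, because this is the response-side rule, `src_ip` is the WordPress server and `dest_ip` is the client; the sample lines and addresses are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime

SIGNATURE = "ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response"
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout

# Constructed sample EVE lines (documentation-range IPs, not real traffic).
_ALERT = ('{"timestamp":"2021-01-15T18:%s.000000+0000","event_type":"alert",'
          '"src_ip":"192.0.2.10","src_port":80,"dest_ip":"%s","dest_port":51234,'
          '"alert":{"signature":"%s"}}')
SAMPLE_EVE = [
    _ALERT % ("40:01", "203.0.113.7", SIGNATURE),
    _ALERT % ("40:03", "203.0.113.7", SIGNATURE),
    _ALERT % ("40:09", "203.0.113.7", SIGNATURE),
    _ALERT % ("41:00", "198.51.100.23", SIGNATURE),
    _ALERT % ("41:30", "203.0.113.7", "CONSTRUCTED other signature"),
    '{"timestamp":"2021-01-15T18:42:00.000000+0000","event_type":"http"}',
    '{"timestamp":"2021-01-15T18:42',  # truncated line, e.g. during log rotation
]


def summarize(lines, min_alerts=3):
    """Group matching alerts by (client, server); keep pairs with >= min_alerts."""
    seen = defaultdict(list)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or corrupt records
        if event.get("event_type") != "alert":
            continue
        if event.get("alert", {}).get("signature") != SIGNATURE:
            continue
        # Assumption: the rule matched the server's reply, so src_ip is the
        # WordPress host and dest_ip is the remote client.
        key = (event["dest_ip"], event["src_ip"])
        seen[key].append(datetime.strptime(event["timestamp"], TS_FORMAT))
    report = []
    for (client, server), stamps in seen.items():
        if len(stamps) >= min_alerts:
            window = int((max(stamps) - min(stamps)).total_seconds())
            report.append({"client": client, "server": server,
                           "alerts": len(stamps), "window_s": window})
    return sorted(report, key=lambda r: r["alerts"], reverse=True)


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVE):
        print(row)
```
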
pfsense/suricata/alerts/et_scan_possible_wordpress_xmlrpc.php_bruteforce_in_progress_-_response.txt · Last modified: 2021/01/15 18:51 by peter