wordpress POST xmlrpc.php WTF ?

WordPress is widespread because it is such a good blogging platform, CMS, DMS and you-name-it. Unfortunately it means that it becomes the target of many spam and DoS attacks.

The one that is steaming right now it the one that fills your logs with this: wp.libpf.com - [04/Sep/2014:07:33:30 +0000] "POST /xmlrpc.php HTTP/1.0" 403 345 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" wp.libpf.com - [04/Sep/2014:07:34:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 345 "-" "-"

To block it, add this to your lighttpd.conf:
url.access-deny = ( "~", ".inc", "xmlrpc.php" )

and restart it:
service lighttpd restart

About paolog

homo technologicus cynicus
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *