WordPress Pingback Portscanner – Metasploit Module

corpus

hello to all, happy new year
found today the following posts and i wanted to share them
WordPress Pingback Portscanner – Metasploit Module
http://www.pentestgeek.com/2013/01/03/wordpress-pingback-portscanner-metasploit-module/
a method to protect wordpress using .htacces
http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/
and one using ossec
http://www.void.gr/kargig/blog/2013/01/03/mitigating-wordpress-xmlrpc-attack-using-ossec/

t0p3a

Great blocked it trough htaccess i guess wordpress should roll a update soon... but till then need to stay safe.

heiska

Interesting. Did not work on LEB (because the blog probably running WP version < 3.x (because @chief is too busy counting the BSA money (and posting ChicagoVPS ads) to upgrade the blog)).

zhuanyi

@heiska said: Interesting. Did not work on LEB (because the blog probably running WP version < 3.x (because @chief is too busy counting the BSA money (and posting ChicagoVPS ads) to upgrade the blog)).

@bamn, is that you again? How many accounts you got?

eastonch

Thanks for the post.

ErawanArifNugroho

another account of @bamn???

azizmb

If any one needs to know, can also deny access to xmlrpc in nginx by adding this to your site's conf file:

location ~ xmlrpc.php {

deny all;
}

wlanboy

Thank you for the warning.

AppDev

@azizmb said: If any one needs to know, can also deny access to xmlrpc in nginx by adding this to your site's conf file:

location ~ xmlrpc.php {
deny all;
}

thanks