New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WordPress Pingback Portscanner – Metasploit Module
hello to all, happy new year
found today the following posts and i wanted to share them
WordPress Pingback Portscanner – Metasploit Module
http://www.pentestgeek.com/2013/01/03/wordpress-pingback-portscanner-metasploit-module/
a method to protect wordpress using .htacces
http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/
and one using ossec
http://www.void.gr/kargig/blog/2013/01/03/mitigating-wordpress-xmlrpc-attack-using-ossec/
Comments
Great blocked it trough htaccess i guess wordpress should roll a update soon... but till then need to stay safe.
Interesting. Did not work on LEB (because the blog probably running WP version < 3.x (because @chief is too busy counting the BSA money (and posting ChicagoVPS ads) to upgrade the blog)).
@bamn, is that you again? How many accounts you got?
Thanks for the post.
another account of @bamn???
If any one needs to know, can also deny access to xmlrpc in nginx by adding this to your site's conf file:
deny all;
}
Thank you for the warning.
thanks