Explore tweets tagged as #XMLRPC
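I'm a certified WordPress developer, for what it's worth, so I submitted my second plugin, but it's taking a while to get into review. Functionally, it's a security-control plugin that: ・restricts POST, PUT, PATCH and DELETE via the REST API ・allows routes registered on a whitelist ・blocks XMLRPC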
I keep getting these pings on my site: /wp-login.php /xmlrpc.php /.env Is someone trying to test for weaknesses on my site???
This tiny bit of Nginx config is all you need to rate-limit POST requests to wp-login.php and xmlrpc.php, and stop those brute-force attacks: https://t.co/Kb8l780MZ9
Found myself needing to harden a simple WordPress site that got hammered by hackers and bots. Here's a simple hack to block all traffic to xmlrpc.php and wp-login.php for anyone except your own IP address in Cloudflare.
I think about it a lot. Just WHERE? Where is AI going to dig up deep research into a subject area? Its latest failures, from my own experience: - something about ffmpeg - xmlrpc in java
DNS Beacon -> Discord Webhook can be useful for many things! For example, to check if a WordPress site has XMLRPC enabled. Here I modded the implant from my pingback.transfer project to send a ping to "http://HelloWorld.plaintxt.<LISTENER_DOMAIN>". sources coming soon :)
Hadn't looked at the raw site access logs for a while. The majority of traffic is 🤖 bots hitting the wp-login.php and xmlrpc.php with POST requests attempting to brute-force the login.
Why is @pdnuclei sending a bunch of requests to https://t.co/12v4b0BqhG just for checking a simple xmlrpc file?
I decided to exploit the Xmlrpc SSRF hidden WordPress bug on an Indian academic institution website 🪲 Indian brother #bugbountytips #bug
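For the past two days the Numpkin official site has been under continuous attack. Normally, crawlers hit a few of the more sensitive paths every day, but it's only a handful of requests at most. But over these two days a few IPs have sent a large number of requests in concentrated bursts to brute-force it. I ignored it yesterday; today I went and looked at the logs... Dear hacker friend, how about spelling xmlrpc correctly before you come brute-forcing... You wrote xmrlpc, so wasn't all that work for nothing...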
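Today, in the middle of a meal, an alert popped up on my phone: mysql had been hammered until it crashed and auto-restarted. I took a look, and it turned out the sougo/baidu/google/bing crawlers had all shown up at once. Thinking about it, I have a cache configured and it's all static caching, so why would it be querying the database? I looked at the logs, and everything was hitting /xmlrpc.php. This feature provides remote management/pingback and similar services, but I almost never use it. Fine, whatever! I just changed the nginx config to deny all.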