V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
edis0n0
V2EX  ›  程序员

WP 搭建的外贸站 CMS, Discord Bot 每天访问 xmlrpc. PHP 的作用是什么?今天检测日志发现 Discord Bot 每天都访问这个文件,听说这文件有漏洞被我删除了导致每天都有几条这个文件的 404 错误

  •  
  •   edis0n0 · 2023-03-05 14:05:27 +08:00 · 1344 次点击
    这是一个创建于 636 天前的主题,其中的信息可能已经有所发展或是发生改变。
    4 条回复    2023-03-06 10:15:27 +08:00
    jlmzzz
        1
    jlmzzz  
       2023-03-05 15:30:47 +08:00
    WordPress XML-RPC Pingback Vulnerability

    Threat

    XML-RPC in WordPress is an API which allows developers who make third party application and services the ability to interact to your WordPress site using
    features like Trackbacks and Pingbacks.
    The Pingback feature of XML-RPC API allows attacks like DDOS and Server-Side Request Forgery (SSRF) either against the server hosting WordPress or
    against a target server.
    QID Detection Logic:
    This detection sends a POST request with XML data with invalid URL to verify the presence of vulnerability.

    Impact

    On Successful exploitation, an attacker can control a WordPress site to conduct DDOS or Server-Side Request Forgery (SSRF) attack against a target server.

    Solution

    Remove "pingback.ping" method from XML-RPC.
    00chang
        2
    00chang  
       2023-03-05 15:47:49 +08:00
    The xmlrpc.php file is a critical part of the WordPress CMS system, which is responsible for handling remote API requests. However, it has been found that the Pingback feature in XML-RPC API has a vulnerability that allows attackers to conduct DDOS or Server-Side Request Forgery (SSRF) attacks.

    Therefore, it's essential to ensure that the Pingback feature is disabled on the WordPress site by removing the "pingback.ping" method from XML-RPC to minimize the risk of attacks. It's also recommended to keep the WordPress site and all plugins and themes up-to-date to stay protected from known vulnerabilities.


    chatgpt 的回复
    janus77
        3
    janus77  
       2023-03-05 16:01:22 +08:00
    楼上太吓人了
    guxin0123
        4
    guxin0123  
       2023-03-06 10:15:27 +08:00
    建议装一个 wordfence 插件, 按照提示仔细检查一下
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2569 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 03:30 · PVG 11:30 · LAX 19:30 · JFK 22:30
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.