<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Nasty little spammers</title>
	<atom:link href="http://www.splee.co.uk/2008/07/23/nasty-little-spammers/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.splee.co.uk/2008/07/23/nasty-little-spammers/</link>
	<description>Bring out the g33k</description>
	<pubDate>Thu, 20 Nov 2008 16:34:39 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.6</generator>
		<item>
		<title>By: Splee</title>
		<link>http://www.splee.co.uk/2008/07/23/nasty-little-spammers/#comment-34221</link>
		<dc:creator>Splee</dc:creator>
		<pubDate>Mon, 28 Jul 2008 08:04:54 +0000</pubDate>
		<guid isPermaLink="false">http://www.splee.co.uk/?p=271#comment-34221</guid>
		<description>@Daniel I've read a lot of forum posts (admittedly quite old) that point the finger at XML-RPC as the source of at least some of these types of attack.  Some (if not all) of these security holes may have been fixed, but I think this has been going on for a while given the timestamps on the modified files so I really have no way of knowing what caused the issue.

However, in the interest of not spreading FUD, I'm going to update my post as I can't be certain that XML-RPC was to blame.

I'm also going to be enabling XML-RPC again to try out MarsEdit as I really liked the application once I got it working =)</description>
		<content:encoded><![CDATA[<p>@Daniel I&#8217;ve read a lot of forum posts (admittedly quite old) that point the finger at XML-RPC as the source of at least some of these types of attack.  Some (if not all) of these security holes may have been fixed, but I think this has been going on for a while given the timestamps on the modified files so I really have no way of knowing what caused the issue.</p>
<p>However, in the interest of not spreading FUD, I&#8217;m going to update my post as I can&#8217;t be certain that XML-RPC was to blame.</p>
<p>I&#8217;m also going to be enabling XML-RPC again to try out MarsEdit as I really liked the application once I got it working =)</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Daniel Jalkut</title>
		<link>http://www.splee.co.uk/2008/07/23/nasty-little-spammers/#comment-34220</link>
		<dc:creator>Daniel Jalkut</dc:creator>
		<pubDate>Thu, 24 Jul 2008 03:37:40 +0000</pubDate>
		<guid isPermaLink="false">http://www.splee.co.uk/?p=271#comment-34220</guid>
		<description>Sorry to hear you were hacked ;( I was hacked recently as well.  You might be interested to know though that I talked to some folks on the WordPress team about the security of XMLRPC, and as far as they know none of these hacks is happening *because* of XMLRPC, even though as you witnessed they sometimes screw up the XMLRPC results.

More likely the blog got compromised before you updated to 2.6, and it infected one of your plugins, or installed a bogus plugin that is re-infecting you. It's hard to say, but in any case I wouldn't make the assumption you're improving the security by turning off XMLRPC.

Daniel</description>
		<content:encoded><![CDATA[<p>Sorry to hear you were hacked ;( I was hacked recently as well.  You might be interested to know though that I talked to some folks on the WordPress team about the security of XMLRPC, and as far as they know none of these hacks is happening <em>because</em> of XMLRPC, even though as you witnessed they sometimes screw up the XMLRPC results.</p>
<p>More likely the blog got compromised before you updated to 2.6, and it infected one of your plugins, or installed a bogus plugin that is re-infecting you. It&#8217;s hard to say, but in any case I wouldn&#8217;t make the assumption you&#8217;re improving the security by turning off XMLRPC.</p>
<p>Daniel</p>
]]></content:encoded>
	</item>
</channel>
</rss>
