Malicious script exploits a vulnerability in WordPress Pingback for DDoS-attacks

Posted: December 20, 2012 in IT Security News, Security Notices
Tags: , ,

 Wordpress Vulnerability5 days ago on the Internet appeared malicious script that exploits vulnerabilities in WordPress Pingback API for DDoS-attacks.

Experts note that by accessing the WordPress XMLRPC API, using the file xmlrpc.php, attackers can not only use it for DDoS-attacks, but also to learn whether a host on the internal network, scan ports hosts inside the network, and even change setting Internal marshrutizatora.Po experts, at the moment the only solution for users who want to protect your site from malicious script that exploits vulnerabilities in WordPress Pingback API, rename or delete the file xmlrpc.php.

For the first time this vulnerability WordPress developers reported 6 years ago, but then did not take these messages seriously, citing the fact that there are so many ways to spend a DDoS-attack on the sites created on WordPress, as well, and how to combat them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s