{"id":1169,"date":"2015-10-15T20:18:56","date_gmt":"2015-10-16T00:18:56","guid":{"rendered":"http:\/\/www.blogseye.com\/?p=1169"},"modified":"2015-10-15T20:18:56","modified_gmt":"2015-10-16T00:18:56","slug":"system-multicall-xmlrpc-exploit","status":"publish","type":"post","link":"http:\/\/blogseye\/2015\/10\/system-multicall-xmlrpc-exploit.html","title":{"rendered":"system.multicall xmlrpc exploit"},"content":{"rendered":"

I read about the system.multicall xmlrpc.php exploit on the Sucuri blog<\/a>.<\/p>\n

I wrote a quick monitor and installed it but it didn’t catch anything. I decided to write an add-on for the Stop Spammers plugin, just in case.<\/p>\n

Today the monitor caught about 500 hits. Each hit had a thousand id\/password attempts. The add-on caught them before they could execute.<\/p>\n

You can only get the add-on if you download the beta version of the Stop Spammers plugin on this site. The plugin has an add-on installation page which includes the system multicall checker.<\/p>\n","protected":false},"excerpt":{"rendered":"

I read about the system.multicall xmlrpc.php exploit on the Sucuri blog. I wrote a quick monitor and installed it but it didn’t catch anything. I decided to write an add-on for the Stop Spammers plugin, just in case. Today the monitor caught about 500 hits. Each hit had a thousand id\/password attempts. The add-on caught […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1169"}],"collection":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/comments?post=1169"}],"version-history":[{"count":1,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1169\/revisions"}],"predecessor-version":[{"id":1170,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1169\/revisions\/1170"}],"wp:attachment":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/media?parent=1169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/categories?post=1169"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/tags?post=1169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}