Shulou(Shulou.com)06/01 Report--

Today, I would like to talk to you about how to shut down xmlrpc.php. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

Disable xmlrpc.php files of Wordpress to avoid brute force cracking

Analysis.

Since there is a record of login failure, try substituting IP into the system log to match, select a recorded IP to match, and execute the grep command:

Grep "68.66.216.53" access.log

See the log to confirm that the other party accessed the file / xmlrpc.php using POST

Further use the command to trace the number of occurrences of the xmlrpc.php file and execute the grep and wc commands

Grep "xmlrpc.php" access.log | wc-l

It shows that as of tonight, it has been detected 57090 times in batch.

Solve

The key to the solution is to block / disable xmlrpc.php. In case of possible side effects, I first checked Baidu and collected some information:

If the website program uses the pingback feature, blocking xmlrpc.php will cause the feature to be unavailable

Using plug-ins such as JetPack, and then deleting xmlrpc.php will result in website exception.

Some components of the old version of Wordpress depend on xmlrpc.php, which will cause some strange problems after deletion.

At present, none of the above three items are related to this site, so I can solve this problem permanently.

Delete the xmlrpc.php file with the rm-rf xmlrpc.php command, but it is not recommended to delete it directly, because it will be troublesome if there is no backup if something goes wrong

Use the mv command to move the xmlrpc.php file (rename it casually):

Mv xmlrpc.php xmlrpc.php.sajdAo9ahnf$d9ha90hw9whw

Use the chmod command to disable all permissions for xmlrpc.php:

Chmod 000 xmlrpc.php

The Apache server can set parameters to jump access:

_ Redirect 301 / xmlrpc.php http://baidu.com

The Nginx server can set parameters to disable access:

Location ~ * / xmlrpc.php {deny all;} after reading the above, do you have any further understanding of how to shut down xmlrpc.php? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.