[OPLINTECH] DOS-like attacks
Daniel Nixon
nixonrd at oplin.org
Fri Aug 8 11:12:30 EDT 2014
For many months I have been troubleshooting webserver issues of the
lockup variety. Error logs sent me in several different directions until
it all came together. In this case a Netherlands IP was the culprit. I
also found one Ukrainian from an earlier log and, of course, the
crawlers from Palo Alto.
I'd always thought little ole libraries like us were below the radar
when it came to hackers. Not so. In our case our Wordpress was getting
pounded on a particular php file used to link comments from blogs to
blogs (XMLRPC). The intruder kept hitting the door to get in via the
XMLRPC hole, effectively locking up the server as it tried to respond to
the repeated requests.
Eventually looking in the right place, I found the trouble, a cure and,
coincidentally, Wordpress released a security update just one day
earlier. All applied and seem to be holding - so far.
I pass it along FWIW.
Dan
--
Daniel Nixon
Wilmington Public Library of Clinton County
268 N. South St., Wilmington, OH 45177
937-382-2417 x25
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20140808/7706908b/attachment.html>
More information about the OPLINTECH
mailing list