Sunday, January 22, 2006

xmlrpc

I was looking through my server logs, which is usually quite entertaining, but when I was browsing my 404's, I noticed an odd trend. I usually don't have more than a handful of 404's from my own bad links, but after looking at just the top few misplaced pages, it was clear something was strange. Have a look:



One thing is clear. Someone *really* wants to find a file called xmlrpc.php. After looking into what XML-RPC is, I googled to see if anyone else was having these mysterious 404's. Apparently many major content management systems (including Drupal, WordPress, and phpGroupWare) have some pretty serious vulnerabilities involving this phprpc thing. Scary stuff. I was curious to see who was trying to find these security holes in MY website for about 34 seconds, then I got over it.

Moral of the story: Make sure you have all your patches installed!
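
One way to surface this kind of 404 trend automatically, as an added example that is not part of the original post. It assumes Apache-style Combined Log Format (the post does not say which server or log format was in use), the sample lines are constructed, and `find_404_probes` and `min_dirs` are hypothetical names. It goes a little beyond the post by flagging any file name that 404s under several different directories, not only xmlrpc.php.

```python
import re
from collections import Counter, defaultdict
from posixpath import basename, dirname
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_404_probes(lines, min_dirs=3):
    """Return {file name: hits, dirs, clients} for files that were requested
    and not found under at least `min_dirs` different directories."""
    hits = Counter()
    dirs = defaultdict(set)
    clients = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        path = urlsplit(m["target"]).path.lower()  # drop any query string
        name = basename(path)
        if not name:  # request for a directory, nothing to group on
            continue
        hits[name] += 1
        dirs[name].add(dirname(path))
        clients[name].add(m["ip"])
    # One broken link 404s in one place; a scanner guesses many locations.
    return {
        name: {"hits": hits[name], "dirs": sorted(dirs[name]),
               "clients": sorted(clients[name])}
        for name in hits if len(dirs[name]) >= min_dirs
    }

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2006:10:01:02 -0500] "POST /xmlrpc.php HTTP/1.1" 404 208 "-" "-"',
    '192.0.2.10 - - [22/Jan/2006:10:01:03 -0500] "POST /blog/xmlrpc.php HTTP/1.1" 404 213 "-" "-"',
    '198.51.100.7 - - [22/Jan/2006:11:15:40 -0500] "POST /drupal/xmlrpc.php HTTP/1.1" 404 215 "-" "-"',
    '198.51.100.7 - - [22/Jan/2006:11:15:41 -0500] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 218 "-" "-"',
    '203.0.113.5 - - [22/Jan/2006:12:30:00 -0500] "GET /old-page.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jan/2006:12:30:05 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for name, info in find_404_probes(SAMPLE_LOG).items():
        print(name, info["hits"], info["dirs"], info["clients"])
```

The ordinary broken link (`/old-page.html`) is not reported because it only ever 404s in one place.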


comments
James said:
Man I can't count the number of times I've lost myself in error reports... Ok Ok I've never even looked at my website's error logs. But I do own a website, and that's all that matters.
i was yelled at on sun, january 22 @ 8:14 pm
1
michael said:
hey, do you still read my lj? it was nice to catch up with you tonight...
i was yelled at on sun, january 22 @ 10:32 pm
2
Please note that there was a well-publicized exploit in the PEAR XMLRPC library which many projects used, and this led to a large number of security issues last year. Drupal offered a patch to stop the exploit within days and replaced the library altogether in a later release. If you're running the latest version of Drupal, you probably needn't worry about these attack attempts. As I write, the latest versions are 4.6.5 and 4.5.7.
i was yelled at on mon, january 23 @ 4:31 am
3
