{"id":708,"date":"2014-07-23T14:20:28","date_gmt":"2014-07-23T14:20:28","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=708"},"modified":"2014-07-23T14:20:28","modified_gmt":"2014-07-23T14:20:28","slug":"%e5%88%a9%e7%94%a8xmlrpc-php%e5%af%b9wordpress%e8%bf%9b%e8%a1%8c%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e6%94%bb%e5%87%bb","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/708.html","title":{"rendered":"\u5229\u7528xmlrpc.php\u5bf9WordPress\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u653b\u51fb"},"content":{"rendered":"<p>\u665a\u4e0a\u5b66\u8f66\u56de\u6765\u4e4b\u540e\u901bFreebuf\u4e0a\u770b\u5230\u7684\u6587\u7ae0\uff1a<a href=\"http:\/\/www.freebuf.com\/articles\/web\/38861.html\" target=\"_blank\">\u5229\u7528xmlrpc.php\u5bf9WordPress\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u653b\u51fb<\/a> \uff0c\u7136\u540e\u60f3\u8d77\u4e4b\u524d\u5728WooYun\u77e5\u8bc6\u5e93\u4e2d\u6709\u4e00\u7bc7\u548cWordPress\u76f8\u5173\u7684\u5b89\u5168\u6587\u7ae0\uff1a<a href=\"http:\/\/drops.wooyun.org\/news\/1062\" target=\"_blank\">\u8d85\u8fc716W\u7684WordPress\u7f51\u7ad9\u88ab\u7528\u6765\u505aDDoS\u653b\u51fb<\/a>\uff0c\u4e8e\u662f\u7acb\u9a6c\u767b\u9646\u670d\u52a1\u5668\u770b\u770b\u6709\u6728\u6709\u4ec0\u4e48\u626b\u63cf\u5668\u5149\u987e\u4e86\u6211\u7684blog\uff0c\u53d1\u73b0\u4e86\u4e0d\u5c11404\u8bf7\u6c42\uff08\u4e0d\u8bf4\u4e86\uff0c\u8fd9\u4e48\u591a\u5929\u6bcf\u5929\u90fd\u6709\uff0c\u53d1\u73b0\u4e00\u4e2a\u5c4f\u853d\u4e00\u6bb5\uff09\uff0c\u4f46\u662f\u5e78\u597d\u6ca1\u6709xmlrpc.php\u9875\u9762\u7684\uff08\u4e0d\u77e5\u662f\u8be5\u9ad8\u5174\u8fd8\u662f\u611f\u89c9\u843d\u5bdeo(\u256f\u25a1\u2570)o\uff09<\/p>\n<p>\u7136\u540e\u987a\u7740Freebuf\u4e0a\u7ed9\u51fa\u7684\u76f8\u5173\u94fe\u63a5\uff1a<a href=\"http:\/\/blog.tigertech.net\/posts\/blocking-wordpress-xmlrpc-password-attempts\/\" target=\"_blank\">Blocking more WordPress xmlrpc.php attacks<\/a>\u00a0\u7ed3\u5408Freebuf\u4e0a\u7684\u8bf4\u660e\u4ee5\u53ca\u81ea\u5df1\u7528Fiddler2\u8fdb\u884c\u7684\u7b80\u5355POST\u53d1\u5305\u6d4b\u8bd5\uff0c\u5b66\u4e60\u5230\u4e86\u4e9b\u4e1c\u897f\uff0c\u8fd9\u5c31\u591f\u4e86\u3002<\/p>\n<p>\u6d4f\u89c8\u5668\u76f4\u63a5\u8bbf\u95ee\uff1ahttp:\/\/ixyzero.com\/blog\/xmlrpc.php<\/p>\n<p>\u8fd4\u56de\uff1a<span style=\"color: #ff0000;\">XML-RPC server accepts POST requests only.<\/span><\/p>\n<p>\u8fd9\u6b21\u8fd9\u79cd\u5229\u7528xmlrpc.php\u7684\u653b\u51fb\u53ef\u4ee5\u7ed5\u8fc7WordPress\u767b\u5f55\u63a5\u53e3\u7684\u66b4\u529b\u7834\u89e3\u9632\u62a4\u3002\u653b\u51fb\u7684\u65b9\u5f0f\u76f4\u63a5POST\u4ee5\u4e0b\u6570\u636e\u5230xmlrpc.php.<\/p>\n<pre class=\"lang:default decode:true \">&lt;?xml version=\"1.0\" encoding=\"iso-8859-1\"?&gt;\n&lt;methodCall&gt;\n  &lt;methodName&gt;wp.getUsersBlogs&lt;\/methodName&gt;\n  &lt;params&gt;\n   &lt;param&gt;&lt;value&gt;username&lt;\/value&gt;&lt;\/param&gt;\n   &lt;param&gt;&lt;value&gt;password&lt;\/value&gt;&lt;\/param&gt;\n  &lt;\/params&gt;\n&lt;\/methodCall&gt;<\/pre>\n<p>\u5176\u4e2dusername\u5b57\u6bb5\u662f\u9884\u5148\u6536\u96c6\u7684\u7528\u6237\u540d\u3002password\u662f\u5c1d\u8bd5\u7684\u5bc6\u7801\u3002\u5173\u4e8egetUsersBlogs\u63a5\u53e3\u7684\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u53c2\u8003<a href=\"http:\/\/codex.wordpress.org\/XML-RPC_wp#wp.getUsersBlogs\" target=\"_blank\">\u5b98\u65b9\u7684\u6307\u5357<\/a>\u3002<\/p>\n<h4>\u89e3\u51b3\u65b9\u6848\u662f\uff1a<\/h4>\n<h3 style=\"color: #000000;\">What can I do to prevent these attacks?<\/h3>\n<p style=\"color: #000000;\">Choose a strong password. Update WordPress and your plugins as soon as updates are available.\u00a0<a style=\"color: #772299;\" href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\">Use two factor authentication<\/a>.\uff08\u9009\u62e9\u4e00\u4e2a\u8db3\u591f\u590d\u6742\u7684\u5bc6\u7801(<span style=\"color: #ff0000;\">\u5bf9\u4efb\u4f55\u66b4\u529b\u7834\u89e3\u7684\u9632\u62a4\u5747\u9002\u7528<\/span>)\uff1b\u53ca\u65f6\u66f4\u65b0WordPress\u53ca\u5176\u63d2\u4ef6\uff1b\u5b89\u88c5\/\u542f\u7528Google\u7684\u4e24\u6b65\u9a8c\u8bc1\u529f\u80fd\u63d2\u4ef6\uff09<\/p>\n<p style=\"color: #000000;\">Doing just those three things will ensure that attacks like this have no effect on your site, whether your hosting company is able to block them or not.<\/p>\n<h5 style=\"color: #000000;\">\u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n<ul>\n<li><a href=\"http:\/\/www.freebuf.com\/articles\/web\/38861.html\" target=\"_blank\">\u5229\u7528xmlrpc.php\u5bf9WordPress\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u653b\u51fb &#8211; FreeBuf.COM<\/a><\/li>\n<li><a href=\"http:\/\/blog.tigertech.net\/posts\/blocking-wordpress-xmlrpc-password-attempts\/\" target=\"_blank\">Blocking more WordPress xmlrpc.php attacks | Tiger Technologies Blog<\/a><\/li>\n<li><a href=\"http:\/\/codex.wordpress.org\/XML-RPC_wp#wp.getUsersBlogs\" target=\"_blank\">XML-RPC wp \u00ab WordPress Codex<\/a><\/li>\n<li><a href=\"http:\/\/drops.wooyun.org\/news\/1062\" target=\"_blank\">\u8d85\u8fc716W\u7684WordPress\u7f51\u7ad9\u88ab\u7528\u6765\u505aDDoS\u653b\u51fb | WooYun\u77e5\u8bc6\u5e93<\/a><\/li>\n<li><a href=\"http:\/\/www.freebuf.com\/articles\/808.html\" target=\"_blank\">WordPress\u5b89\u5168\u68c0\u6d4b\u5de5\u5177 &#8211; FreeBuf.COM<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u665a\u4e0a\u5b66\u8f66\u56de\u6765\u4e4b\u540e\u901bFreebuf\u4e0a\u770b\u5230\u7684\u6587\u7ae0\uff1a\u5229\u7528xmlrpc.php\u5bf9WordPress\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u653b\u51fb \uff0c [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[99,260],"class_list":["post-708","post","type-post","status-publish","format-standard","hentry","category-security","tag-wordpress","tag-xmlrpc"],"views":5851,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=708"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/708\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}