I got an automated alert on Sunday from my ISP noting high GPU usage on a WordPress site with a couple of sub-domains. After checking their dashboard, I noticed that there were over 60,000 attempts to access xmlrpc.php, mostly from France and Serbia. I generally only need this for the Jetpack plugin, so for now I have just blocked access with a firewall rule, which seems to be working (GPU usage way down and access attempts listed in the CF log). However, I thought that Cloudflare was already blocking brute force attacks against xmlrpc while whitelisting the Jetpack plugin (link below). Do I need to do something in my account or have the ankle biters found a way around this?
That’s generally a distributed attack. Those are more difficult to fight off. You’ll need to spend some time crafting a detailed firewall rule that doesn’t block legitimate access.
Thanks for the response. I did find this example of a Cloudflare firewall rule which blocks xmlrpc access unless the IP address is within the known ranges used by the Jetpack plugin.
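The decision logic of the rule described in the last post (block xmlrpc.php unless the source IP is in an allowlisted range), as an added example that is not part of the thread and is not Cloudflare's or Jetpack's code. The CIDR ranges are documentation placeholders rather than Jetpack's real ranges, and the function names and sample requests are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Placeholder allowlist (documentation-only ranges, an assumption);
# substitute the ranges Jetpack currently publishes.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def should_block(path, src_ip):
    """Return True when a request hits xmlrpc.php from outside the allowlist.

    Same shape as a Cloudflare expression such as
    (http.request.uri.path eq "/xmlrpc.php" and not ip.src in {<ranges>}).
    """
    # Normalise first so a query string, doubled slashes or mixed case
    # cannot slip past the path comparison.
    clean = re.sub(r"/+", "/", path.split("?", 1)[0].lower())
    if not clean.endswith("/xmlrpc.php"):
        return False
    addr = ipaddress.ip_address(src_ip)
    # An IPv4 address tested against an IPv6 network is simply False.
    return not any(addr in net for net in ALLOWED_NETS)


def summarize(requests):
    """Count would-be-blocked xmlrpc.php requests per source IP."""
    return Counter(ip for ip, _method, path in requests if should_block(path, ip))


# Constructed sample requests (source IP, method, path); not real traffic.
SAMPLE = [
    ("198.51.100.7", "POST", "/xmlrpc.php"),
    ("198.51.100.7", "POST", "/xmlrpc.php"),
    ("203.0.113.9", "POST", "//XMLRPC.php?rsd"),
    ("192.0.2.44", "POST", "/xmlrpc.php"),    # inside the placeholder allowlist
    ("203.0.113.9", "GET", "/wp-login.php"),  # different endpoint, not matched
]

if __name__ == "__main__":
    blocked = summarize(SAMPLE)
    # In a distributed attack the per-source counts stay low while the
    # number of distinct sources is high, so report both.
    print(f"{sum(blocked.values())} blocked from {len(blocked)} sources")
    for ip, count in blocked.most_common():
        print(ip, count)
```

Replaying a sample of the firewall or access log through a check like this before enabling the rule shows whether any allowlisted source would have been blocked.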