XMLRPC, eh?
January 30, 2008 at 12:00 AM | categories: home | View Comments
Today I noticed some link-spam and wp-stats iframes in my last three posts. After removing the symptoms, I went looking for the culprit. I suspect that there's a flaw in xmlrpc.php, and that's how my site was compromised.
219.204.252.200 - - [25/Jan/2008:07:11:30 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 2736 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
62.65.159.182 - - [25/Jan/2008:07:12:37 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
222.122.148.83 - - [28/Jan/2008:08:25:55 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 3042 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
121.144.82.209 - - [28/Jan/2008:08:26:44 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
201.0.51.181 - - [28/Jan/2008:08:27:43 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
POSTs to xmlrpc.php seem like an odd thing, especially since these IPs are nothing special.
Name: softbank219204252200.bbtec.net
Address: 219.204.252.200
62.65.159.182 does not exist (Authoritative answer)
222.122.148.83 does not exist (Authoritative answer)
121.144.82.209 does not exist (Authoritative answer)
Name: 201-0-51-181.dsl.telesp.net.br
Address: 201.0.51.181
For the moment, I've disabled xmlrpc.php entirely. Let's hope that fixes the problem.
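As an added example (not part of the original post): a small Python filter for the pattern visible in the log above, POSTs to xmlrpc.php arriving from several unrelated addresses that all send one identical User-Agent string. The function names and the `min_ips` threshold are assumptions; the first five sample lines are the ones quoted in the post and the last one is constructed.

```python
import re
from collections import defaultdict

# Apache "combined" log format, matching the lines quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def xmlrpc_posts(lines):
    """Return parsed records for POST requests whose path ends in /xmlrpc.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; ignore it
        rec = m.groupdict()
        path = rec["path"].split("?", 1)[0]  # drop any query string
        if rec["method"] == "POST" and path.endswith("/xmlrpc.php"):
            hits.append(rec)
    return hits

def shared_agents(lines, min_ips=3):
    """Map each User-Agent used by >= min_ips distinct client IPs to those IPs."""
    by_agent = defaultdict(set)
    for rec in xmlrpc_posts(lines):
        by_agent[rec["agent"]].add(rec["ip"])
    return {ua: sorted(ips) for ua, ips in by_agent.items() if len(ips) >= min_ips}

# First five lines are quoted from the post; the last line is constructed.
SAMPLE = [
    '219.204.252.200 - - [25/Jan/2008:07:11:30 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 2736 "-" "Opera/9.01 (Windows NT 5.0; U; en)"',
    '62.65.159.182 - - [25/Jan/2008:07:12:37 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"',
    '222.122.148.83 - - [28/Jan/2008:08:25:55 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 3042 "-" "Opera/9.01 (Windows NT 5.0; U; en)"',
    '121.144.82.209 - - [28/Jan/2008:08:26:44 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"',
    '201.0.51.181 - - [28/Jan/2008:08:27:43 -0800] "POST /wordpress/xmlrpc.php HTTP/1.0" 200 163 "-" "Opera/9.01 (Windows NT 5.0; U; en)"',
    '192.0.2.10 - - [28/Jan/2008:08:30:00 -0800] "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed example)"',
]

if __name__ == "__main__":
    for ua, ips in shared_agents(SAMPLE).items():
        print(f"{len(ips)} distinct IPs POSTing to xmlrpc.php as {ua!r}: {ips}")
```

Run against a full access log, the same grouping also shows how far back the shared User-Agent first appears, which helps bound when the injected content could have been added.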
Content server scalability in JDAM
January 17, 2008 at 10:50 AM | categories: MarkLogic | View Comments
The current issue of JDAM is a MarkLogic showcase, with two articles by our customers plus my article on content server scalability.
Abstract: The growing size and complexity of content makes it increasingly difficult for content management systems and content-based applications to keep up. Fast access to terabytes (TB) of eXtensible Markup Language is increasingly important to many companies and organizations. Filesystems and relational database management systems are adequate for gigabytes of rich content, but TBs demand a repository that was built for content.