How to prevent XML-RPC exploits

XML-RPC loop hole allowed the hackers to exploit the systems for long time until I found one day that the default configuration of xml-rpc is set up such a way that it can be easily used against the same system.

What is xml-rpc ?

XML-RPC is a remote procedure call which allows anyone to interact with the portal remotely. To simplify these calls can be used to login to the portal without using standard login mechanism. Also It can be easily used to exploit the system as it allows to attempt multiple logins thereby giving hackers opportunity to repeatedly try various usernames and passwords.

Why hackers use xml-rpc ?

These calls are still used by a lot of useful software applications, hence disabling it completely can come in the way of many of the these useful applications.

Although there are various methods to handle it, one of it which is deployed in current systems is that if one login through xml-rpc fails, it will drop all subsequent logins silently.

xml-rpc & DDOS attack

Given the usefulness of xml-rpc, it can not be entirely sidelined hence it becomes easy to use it for DDOS attack.

How to check if xml-rpc is enabled on your portal ?

If your website is made with php, check if xmlrpc.php exists and it contains following entry

XML-RPC server accepts POST requests only

Two main loop holes

1.It can be used for D-DOS attack.

2.It can be used to try different user id and password.

What is your thought and experience on same. Do let me know in comment.

Do not forget to audit your portal for same.

Author: Rajnish K

About Author : 

Rajnishk is founder of studyobject.com , R&D Expert ,passionate for Web Stack. He can be reached at [email protected]m