-1

I have a website setup on IIS 7 hosted on a Windows Virtual Private Server and I've noticed that it's being attacked using the Wordpress Pingback/XML-RPC method which is causing my website to go offline.

Here are logs;

2014-08-08 00:56:40 *IP ADDRESS HERE* GET / - 80 - *IP ADDRESS HERE* WordPress;+*WEBSITE SENDING ATTACKS HERE*+verifying+pingback+from+*IP ADDRESS HERE* 302 0 0 1593
2014-08-08 00:56:*IP ADDRESS HERE* GET / - 80 - *IP ADDRESS HERE* - 302 0 0 2607

I have been trying to figure out ways to stop this from happening (via web.config/url rewrite) and nothing has seeemed to be working. :(

I am also getting blank user-agent headers as well in logs.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
tyler
  • 11
  • 1

1 Answers1

0

If you don't the RPC interface you could just simply turn it off.

Or you could install a Wordpress plugin, like Better Security, and use this to protect your WP installation from those attacks.

Marc Stürmer
  • 1,904
  • 13
  • 15