
WordPress xmlrpc.php attack

Recently, one of my WordPress websites was hit by thousands of requests to the xmlrpc.php file. The attacks came from multiple IP addresses. Here is my Apache access log (/var/log/apache2/access.log):

62.141.35.242 - - [15/May/2016:21:05:38 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:54 +0800] "POST /xmlrpc.php HTTP/1.1" 200 0 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:35 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:37 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:43 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"

These attacks come and go, and they have taken down my site several times over the last few months. Some googling showed that this kind of attack has been around for a while: it uses the xmlrpc.php endpoint to brute-force WordPress logins.

Solution

Block IPs with ufw

Most Ubuntu servers have ufw installed; it can be used to block specific IP addresses from reaching the server.

I ran the following command (reference) to get a list of the attackers' IP addresses:

$ grep xmlrpc /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -rn | head

# results
6039 62.141.35.242
1566 154.16.63.40
1411 188.120.41.8
 248 195.2.252.132

The number in front of each IP is how many times that IP requested the xmlrpc.php file.

Then, for each IP address, I blocked it with ufw:

sudo ufw deny from 62.141.35.242   # replace with your attacker's IP address

I then ran the listing command a few more times after blocking all the IPs. Unfortunately, the access count kept increasing. There seems to be a problem with iptables on Ubuntu, but I couldn't find a solution, so I tried another method to deal with these attacks.
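As an added example (not code from the original post), here is the log triage above turned into a small shell script: it counts POST requests to xmlrpc.php per client IP, lists the IPs at or above a threshold, and prints the matching ufw deny rules so they can be reviewed before they are applied. The log lines are constructed to mirror the ones in the post; the temp-file path and the threshold of 2 are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Triage an Apache
# combined-format access log for the xmlrpc.php brute-force pattern and
# prepare ufw rules for the noisiest sources. Threshold and file paths
# are assumptions; the sample log below is constructed.

# Count POST requests to xmlrpc.php per client IP, busiest first.
# Narrower than a bare "grep xmlrpc": GET requests (which WordPress
# rejects with 405 anyway) and referrer matches are left out.
# Usage: xmlrpc_hits <access_log>
xmlrpc_hits() {
    grep ' "POST /xmlrpc.php ' "$1" | cut -d' ' -f1 | sort | uniq -c | sort -rn
}

# Print only the IPs with at least <threshold> hits.
# Usage: xmlrpc_offenders <access_log> <threshold>
xmlrpc_offenders() {
    xmlrpc_hits "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Emit one "ufw deny from" rule per offender. The rules are printed, not
# executed, so they can be reviewed first (a NAT gateway or a CDN edge
# could be on the list) and then applied with sudo.
# Usage: ufw_deny_rules <access_log> <threshold>
ufw_deny_rules() {
    xmlrpc_offenders "$1" "$2" | sed 's/^/ufw deny from /'
}

# Constructed sample log: two xmlrpc.php POSTers with a forged Googlebot
# user agent, plus one ordinary visitor (198.51.100.7 is a documentation
# address, not a real client).
SAMPLE_LOG="${TMPDIR:-/tmp}/xmlrpc_sample_access.log"
cat > "$SAMPLE_LOG" <<'EOF'
62.141.35.242 - - [15/May/2016:21:05:38 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
188.120.41.8 - - [15/May/2016:21:05:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
62.141.35.242 - - [15/May/2016:21:05:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 620 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
198.51.100.7 - - [15/May/2016:21:06:02 +0800] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [15/May/2016:21:06:05 +0800] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
EOF

# Stand-alone run: show the per-IP counts, then the rules for IPs with
# at least 2 hits (only 62.141.35.242 in the sample).
xmlrpc_hits "$SAMPLE_LOG"
ufw_deny_rules "$SAMPLE_LOG" 2
```

Apply the printed rules with sudo and confirm them with `sudo ufw status numbered`. The grep is deliberately narrower than the post's `grep xmlrpc`: it counts only POST requests to the endpoint, which is the verb the brute-force traffic uses, so ordinary GETs to xmlrpc.php and pages that merely mention it in a referrer do not inflate the counts.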

Modifying the Apache Virtual Host Config

Add the following to your WordPress Apache virtual host config file:

<VirtualHost *:80>
    ...
    # Deny all HTTP access to xmlrpc.php. Apache answers with a 403 itself,
    # so PHP and WordPress never run for these requests.
    # This is the Apache 2.2 access-control syntax; on Apache 2.4 use
    # "Require all denied" in place of the Order/Deny pair (the old form
    # only works there with mod_access_compat enabled).
    # Check the file with "apachectl configtest" before restarting.
    <Files xmlrpc.php>
        Order allow,deny
        Deny from all
    </Files>
</VirtualHost>

My config file is the standard

/etc/apache2/sites-available/000-default.conf

This change does not stop the attacker's requests from arriving, but Apache now rejects each one before it reaches PHP and WordPress, so each request consumes far fewer resources on your server.

After I restarted Apache with

sudo service apache2 restart

I was able to access my WordPress website again.

Typora – minimalistic markdown editor review

A little review of my favourite Markdown editor, Typora.

I first read about Markdown 3 years ago when I was starting this blog. I was looking at the "Markdown Support" option in Jetpack, a WordPress plugin, wondered what Markdown was, and looked into it. It did not take long before I found its origin, along with the Apple-centric blog it came from.

Markdown allows you to write using an easy-to-read, easy-to-write plain text format

I enjoyed writing using Markdown since I discovered it, and I have always been looking for a better Markdown editor. I have tried Mou, MacDown, Byword and many more, but I have yet to find one that I truly love.

Until a few months ago, when I found Typora.

Typora is a truly minimalistic Markdown editor. Unlike other editors, Typora doesn't separate the Markdown syntax from the live preview; the two are combined into one editor. As you type, your Markdown syntax is transformed into the rendered output, like a WYSIWYG editor.

Typora offers many other power features that let you get more out of Markdown. The one I use the most is the Table feature. Just fill in the row and column counts in the popup window, and Typora generates the table you want, so you don't need to bother with the awkward table syntax.

The Markdown syntax for a table:

Markdown | Less | Pretty
--- | --- | ---
*Still* | `renders` | **nicely**
1 | 2 | 3

(Image: the table as rendered in Typora)

Another feature I use all the time is the Table of Contents. As the name suggests, it generates a ToC based on your current writing, and clicking the links takes you to the corresponding section.

(Image: the Table of Contents feature)

Last but not least, my favourite feature: themes! Typora uses CSS to theme its editor, and all the built-in themes are beautiful, I am not even kidding.

Typora is currently in beta, and it's free during the beta. So give it a try and tell me what you think!

Thoughts on Freelance Jobs

Some common pitfalls and tips for freelance jobs, a reminder to myself.

  1. It’s always good to take deposits or partial payments as the project moves along.

    Asking for, and accepting, what you deserve at the right time helps maintain the relationship between you and your clients. Since we are all here for business, things get complicated if we add unnecessary emotions to it. Taking payments reminds us where we stand and, of course, keeps us motivated to work on the project.

  2. Don’t do it if you can’t give it all you have.

    I like to help people, and I feel good when I do. However, you should always help yourself first. If you are too busy, if you cannot give 100% effort to the project, don't do it. Your clients will not be happy with the result, and you will have wasted your time.

  3. Set a baseline, tell them about it, and never cross it.

    Clients come to you because you are an expert in something they know nothing about. They will often ask you to do things they think are easy but that in fact require a lot of work. This is why it's so important to give clear guidelines when you propose your solution. Clearly indicate which items and services are included, and give examples of the excluded ones. Tell them you are here to build a web app, and that this doesn't include setting up the mail server.

  4. Don’t be afraid to re-negotiate.

    It's very common for a project to get a little sidetracked, and for extra costs to arise. Don't hold back; tell your clients what is wrong. Is it an extra request? Explain that this request will cost you extra hours, and they need to pay for the extra coffee. Has a service provider's cost increased? Tell your clients and come up with a solution, whether it's paying the cost or finding another provider. No matter what, don't keep these problems to yourself, because you won't be happy.

  5. Stop when it’s right to do so.

    When you offer your help, make sure they are ready to accept it. Offering advice they don't want to hear can cost you not only a freelance job but also a client. When you feel unhappy, or something unwelcome has happened, talk to your client and terminate the project if you can. An unhealthy business relationship is not beneficial to anyone.