Sunday, August 10, 2014

WordPress xmlrpc exploit

WordPress recently announced a bug in their xmlrpc implementation which can result in denial of service attacks by using large amounts of CPU. Many OCF-hosted sites are running affected versions of WordPress.

In response to activity which took out our webserver for about 15 minutes earlier tonight, we are blocking access to xmlrpc.php files to protect the shared OCF webserver. If you would like to request xmlrpc.php files be unblocked from your site, please contact us.

Now would be a good opportunity to make sure all the software on your website is up-to-date!