
Potential WordPress login Exploit (via XML-RPC)

This post has been submitted by Webcomics.com member JJ Sandee, creator of Cult of Bob.

A recent exploit for WordPress has been going around that you should at the very least be aware of. It’s not an exploit in the sense that someone can gain access to your website through some backdoor; rather, because of the way a part of WordPress is built, a brute force attack is made easier.

The short version: If you have a plugin that limits repeated logins, you’re pretty much safe.

Read on to understand the details.

Brute Force Attack
A brute force attack means that someone just keeps trying username and password combinations until they gain access. Since we’re dealing with computers, this can be automated, and it always is. Automated scripts will simply keep attempting to log in to your website until they succeed.

XML-RPC
XML-RPC is a system that is part of WordPress and allows editing content on the site without using the normal admin. Examples of this are the Mobile App and certain other tools that let you edit content. There are plugins that use this system to read and write data for both convenience and security, since it requires logging in to get at the data.

The basis of the exploit
The basic idea of the exploit is that XML-RPC allows multiple logins at once. The attack sends WordPress multiple names and passwords to try to log in. This is far more efficient than constantly reloading the login page. These scripts will either use commonly used usernames and passwords or go through a list of farmed logins and passwords, depending on what is available.

Motive
Unless you are a very high-profile website, the primary reason to hack your site is to infect it with malware, with the express purpose of further infecting other computers. These infected computers will then go on to hack or infect other computers. The general term for this is a botnet (network of robots), and botnets tend to run entirely automated once started.

Solutions
One way is to turn off XML-RPC, but this can break your site, as various plugins might rely on it. A better method, and this has already been discussed in previous security-related posts, is to limit the number of logins using a plugin such as Wordfence. (Note: I am not affiliated with this plugin, merely pointing it out as being good.) The login function goes through the same system regardless of whether XML-RPC or the login page is used, so any limiter will block multiple login attempts.
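
To illustrate why a limiter at the login function covers both entry points, here is a minimal failed-login limiter written as a WordPress plugin file. It is an added example, not Wordfence's code or anything from the original post; the limits, the window length and the `exlim_` names are assumptions made for the illustration.

```php
<?php
/**
 * Plugin Name: Example failed-login limiter (added illustration)
 *
 * Constructed example. The thresholds and the "exlim_" prefix are
 * assumptions chosen for this illustration.
 */

const EXLIM_MAX_FAILURES = 5;   // assumed: failures allowed per window
const EXLIM_WINDOW       = 900; // assumed: window length in seconds

// One counter per client address. REMOTE_ADDR is the directly connected
// peer; behind a reverse proxy it is the proxy's address, not the visitor's.
function exlim_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'exlim_' . hash( 'sha256', $ip );
}

// Fires once per failed credential check, whether it arrived through
// wp-login.php or XML-RPC, so a request carrying many guesses is
// counted once per guess rather than once per request.
// Each failure also restarts the window (sliding lockout).
add_action( 'wp_login_failed', function () {
    $failures = (int) get_transient( exlim_key() );
    set_transient( exlim_key(), $failures + 1, EXLIM_WINDOW );
} );

// Runs on every authentication attempt, after core's own
// username/password check. Once the address is over the limit the
// result is replaced with an error, so even a correct guess is refused.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( exlim_key() ) >= EXLIM_MAX_FAILURES ) {
        return new WP_Error(
            'exlim_locked',
            'Too many failed login attempts. Try again later.'
        );
    }
    return $user;
}, 100, 3 );
```

Because the counter is keyed on the client address, it slows a single source but not guesses spread across many addresses.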

Future
Because WordPress is used so widely, it’s a popular target for spreading malware. Stuff like this will pop up regularly, but because WordPress has such a large community, updates are quickly released to combat these issues. It’s important to stay vigilant about updates and potential threats as they pop up.

by JJ Sandee on October 13, 2015
Posted In: Uncategorized