Title: xmlrpc hack attempt
Last modified: August 30, 2016

---

# xmlrpc hack attempt

 *  Resolved [flyfisher842](https://wordpress.org/support/users/flyfisher842/)
 * (@flyfisher842)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/)
 * This showed up in one of my security logs today on an xmlrpc request. Is this
   what an injection would look like? And do I have to do something?
 * [Large code excerpt removed by moderator per [forum rules](https://codex.wordpress.org/Forum_Welcome#Posting_Code).
   Please use [the pastebin](http://wordpress.pastebin.com/) for all large code 
   excerpts. It works better anyway.]

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664099)
 * [@mods](https://wordpress.org/support/users/mods/) – wow this one is fun. Check
   out the CSS/HTML throughout this thread page. LOL
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664102)
 * [@flyfisher842](https://wordpress.org/support/users/flyfisher842/) – I am waiting
   to see what the Mods do about the triplicate posts before answering. The CSS/
   HTML of this thread post is all whacked out by your content. Awesome! LOL
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664103)
 * Ok looks like the Mods wiped everything. Was like a bad acid trip there for a
   second. ha ha ha. Post only the security log entry and use the WP editor “code”
   button to wrap your Security Log entry in code tags/backticks.
 * [@mods](https://wordpress.org/support/users/mods/) – thanks. 🙂
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664198)
 * Hello,
    Is there anybody in there? Just nod if you can hear me. Is there anyone
   at home?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664199)
 * And yeah if you didn’t already guess the reference to the Pink Floyd _Comfortably
   Numb_ song….
 * > Come on now
   >  I hear you’re feeling down Well, I can ease your pain And get 
   > you on your feet again
   > Relax
   >  I’ll need some information first Just the basic facts Can you show me
   > where it hurts?
   > There is no pain, you are receding
   >  A distant ship smoke on the horizon You
   > are only coming through in waves Your lips move but I can’t hear what you’re
   > saying When I was a child I had a fever My hands felt just like two balloons
   > Now I’ve got that feeling once again I can’t explain, you would not understand
   > This is not how I am I have become comfortably numb
   > I have become comfortably numb
   > O.K.
   >  Just a little pin prick There’ll be no more aaaaaaaah! But you may feel
   > a little sick
   > Can you stand up?
   >  I do believe it’s working, good That’ll keep you going through
   > the show Come on, it’s time to go.
   > There is no pain you are receding
   >  A distant ship smoke on the horizon You 
   > are only coming through in waves Your lips move but I can’t hear what you’re
   > saying When I was a child I caught a fleeting glimpse Out of the corner of 
   > my eye I turned to look but it was gone I cannot put my finger on it now The
   > child is grown The dream is gone I have become comfortably numb.
 *  Thread Starter [flyfisher842](https://wordpress.org/support/users/flyfisher842/)
 * (@flyfisher842)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664201)
 *     ```
       [403 POST Request: October 19, 2015 - 1:41 pm]
       Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
       Solution: N/A - Hacker/Spammer Blocked/Forbidden
       REMOTE_ADDR: 46.20.12.30
       Host Name: host-46-20-12-30.ttnetdc.com
       SERVER_PROTOCOL: HTTP/1.1
       HTTP_CLIENT_IP:
       HTTP_FORWARDED:
       HTTP_X_FORWARDED_FOR:
       HTTP_X_CLUSTER_CLIENT_IP:
       REQUEST_METHOD: GET
       HTTP_REFERER:
       REQUEST_URI: /xmlrpc.php
       QUERY_STRING:
       HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
       ```
   
 * Is this what you wanted? I can post the rest to the pastebin after I get signed
   up.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664202)
 * Yep that works. Looks like a typical blocked XML-RPC log entry. These old GET
   log entries are kind of boring now. Check out this new Bonus Custom Code and 
   you will see some more interesting blocked attacks: [http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/](http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/).
 * With the new Security Log Limit POST Request Body Data option and this Bonus 
   Custom Code in the link above you can literally capture entire hacker scripts
   if you are into that thing.
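
An added example (not code from BulletProof Security or from either poster) that parses Security Log entries in the layout posted above and answers the triage question: which addresses had requests to `/xmlrpc.php` blocked with a 403, and which entries carry a header method that differs from `REQUEST_METHOD`, as the posted entry does (POST in the header, GET in the field). The names `parse_entries` and `triage` are hypothetical, the second sample entry is constructed, and the code assumes other entries follow the same `[status METHOD Request: time]` plus `KEY: value` layout.

```python
import re
from collections import Counter

# Constructed sample: the first entry abridges the one posted in this thread;
# the second entry and its address (203.0.113.7, documentation range) are made up.
SAMPLE_LOG = """\
[403 POST Request: October 19, 2015 - 1:41 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 46.20.12.30
REQUEST_METHOD: GET
REQUEST_URI: /xmlrpc.php
HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64)

[403 GET Request: October 19, 2015 - 2:05 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 203.0.113.7
REQUEST_METHOD: GET
REQUEST_URI: /wp-login.php
HTTP_USER_AGENT:
"""

HEADER = re.compile(r"^\[(\d{3}) (\w+) Request: (.+)\]$")

def parse_entries(text):
    """Split a log into entries; each becomes a dict of its 'KEY: value' lines."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"status": m.group(1), "header_method": m.group(2), "timestamp": m.group(3)}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return entries

def triage(entries):
    """Count blocked (403) xmlrpc.php requests per source address and list
    entries whose header method disagrees with REQUEST_METHOD."""
    hits, mismatched = Counter(), []
    for e in entries:
        if e["status"] == "403" and e.get("REQUEST_URI", "").startswith("/xmlrpc.php"):
            hits[e.get("REMOTE_ADDR", "")] += 1
        if e["header_method"] != e.get("REQUEST_METHOD"):
            mismatched.append(e["timestamp"])
    return hits, mismatched

print(triage(parse_entries(SAMPLE_LOG)))
```
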
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664257)
 * Assuming all questions have been answered – thread has been resolved. If the 
   issue/problem is not resolved or you have additional questions about this specific
   thread topic then you can post them at any time. We still receive email notifications
   when threads have been resolved.
 * Thread Start Date: 10-18-2015 to 10-19-2015
    Thread Resolved/Current Date: 10-23-2015

The topic ‘xmlrpc hack attempt’ is closed to new replies.
 * 8 replies
 * 2 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-hack-attempt-2/#post-6664257)
 * Status: resolved