Friday, 9 October 2015

Security Advisory: Brute Force Amplification Attacks Against WordPress

Security Advisory
Attackers are exploiting one of the hidden features of XML-RPC: using the system.multicall method to execute multiple Brute Force attempts inside a single POST request. Instead of targeting wp-login.php directly, attackers are circumventing the system by targeting methods within the very popular XML-RPC. This attack amplifies the Brute Force attempts by very high orders of magnitude and disguises them with a technique that makes them very difficult to identify and mitigate. By leveraging the system.multicall method within XML-RPC, the attacker is able to hide hundreds or thousands of passwords within a single HTTP/HTTPS request. If you can't block XML-RPC, we advise you to leverage a Website Application Firewall (WAF) and verify you can strip requests targeting the system.multicall method.
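
As an added example (not part of Sucuri's advisory), here is a minimal inspection routine that a filter in front of xmlrpc.php could apply: it parses the POST body, rejects system.multicall requests and reports how many calls were batched. The function names, the `max_batched` parameter and the `demo.echo` method are assumptions, and the sample bodies are constructed.

```python
import xml.etree.ElementTree as ET

def inspect_xmlrpc(body: bytes, max_batched: int = 0) -> dict:
    """Verdict for one XML-RPC POST body. max_batched=0 rejects every
    system.multicall request; raise it only if a client needs batching."""
    # XML-RPC never needs a DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return {"action": "block", "reason": "dtd", "calls": 0}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return {"action": "block", "reason": "malformed", "calls": 0}
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or not method:
        return {"action": "block", "reason": "malformed", "calls": 0}
    if method != "system.multicall":
        return {"action": "allow", "reason": "single-call", "calls": 1}
    # Every batched call is a <struct> with a member named "methodName".
    # Counting all such members may overcount on odd payloads, which is
    # the safe direction for a filter.
    inner = [m for m in root.iter("member")
             if (m.findtext("name") or "").strip() == "methodName"]
    if max_batched == 0 or len(inner) > max_batched:
        return {"action": "block", "reason": "multicall", "calls": len(inner)}
    return {"action": "allow", "reason": "small-batch", "calls": len(inner)}

def sample_multicall(n: int) -> bytes:
    """Constructed sample: n batched calls to a hypothetical method, no params."""
    call = ("<value><struct>"
            "<member><name>methodName</name>"
            "<value><string>demo.echo</string></value></member>"
            "<member><name>params</name>"
            "<value><array><data/></array></value></member>"
            "</struct></value>")
    return ("<?xml version='1.0'?><methodCall>"
            "<methodName>system.multicall</methodName>"
            "<params><param><value><array><data>" + call * n +
            "</data></array></value></param></params></methodCall>").encode()

if __name__ == "__main__":
    single = b"<methodCall><methodName>demo.echo</methodName><params/></methodCall>"
    for name, body in [("single", single), ("batch-500", sample_multicall(500))]:
        print(name, inspect_xmlrpc(body))
```

The `calls` count is worth logging even when the request is blocked, since one log line then shows how many attempts a single request carried.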
 
This email does not mean you are affected!
Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
 
Why this attack matters...
None of the security plugins designed to stop Brute Force attacks are blocking it.
We cannot stress enough the importance of good access control management, such as the creation and management of strong passwords.


More details on this security advisory can be found here:
Brute Force Amplification Attacks Against WordPress XMLRPC
 
If you're a Sucuri customer subscribing to our Firewall or Antivirus protection, take a deep breath. You are already safe. If you're not a customer yet, save yourself from anxiety and sign up!
Discover how iThemes Leverages Sucuri's Website Application Firewall...
"The peace of mind of having a dedicated, 24/7/365 team to protect and clean your website can prevent the myriad of negative effects on your business and brand reputation."
 
Protect Your Site Today
Sincerely,
- Your Sucuri Security Team
Copyright © 2015 Sucuri Security, All rights reserved.