XMLRPC attack

06Sep09

Tse, tse, tse… 100 attempts in the last two hours. Disabled xmlrpc.php for the moment, should be better until the first rush is over. One friend's blog was already attacked; luckily they didn't damage too much. Was my fault, didn't update the version :-(

6 Responses to “XMLRPC attack”


  1. Guillermo, posted September 6th, 2009 - 23:35

    I just upgraded to WP 2.8.4 today… I had 2.8.1 before… How can I make sure mine wasn’t attacked?

  2. Joseph Scott, posted September 7th, 2009 - 19:47

    The current worm going around is using a hole in older versions of WordPress, but the hole is not in xmlrpc.php. After gaining access to the blog it uses a call to xmlrpc.php to inject a new admin user. Disabling, renaming or deleting xmlrpc.php doesn’t address the issue. The best policy is to upgrade.

  3. alex.rabe, posted September 7th, 2009 - 21:39

    @Joseph
    Yes, you are right. I dug deeper into the hacked blog and reviewed the apache.log again; they only use XMLRPC AFTER they have already registered the new user. The base64-encoded script via XMLRPC looks so evil that I thought they did it directly via this API.

  4. Michael, posted September 8th, 2009 - 07:22

    Hi Alex,

    Just finished upgrading an artist friend of mine to the latest WP 2.8.4 and it seems NextGEN Gallery doesn’t seem to enlarge pics anymore.

    This was my first time looking at the NextGEN plugin, so I am not sure what is going on. The AJAX just says “Loading” seemingly forever.

    He has really been enjoying the plugin, but I’m just stuck as to what is going on so far.

    If you could let me know what could be going wrong, it would be much appreciated.

    Here’s his gallery:
    http://anthonyholdsworth.com/trying/gallery/

    Once you enter any gallery and attempt to enlarge a specific pic, it just doesn’t seem to work anymore.

    Thanks,
    Michael

  5. Paul Kirtley, posted September 8th, 2009 - 21:19

    I installed the NextGEN Gallery on my WordPress weblog, but I don’t see it. Can you tell me what I did wrong?

    Thanks

    Go to: http://www.missionuganda.info

  6. alex.rabe, posted September 8th, 2009 - 21:21

    Paul & Michael -> Support request please in the forums. Thanks !
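
A log check for the sequence described in comments 2 and 3 (a new user is registered, then xmlrpc.php is called), as an added example that is not part of the original post or its comments. It assumes an Apache access log in common/combined format in chronological order, that registration appears as a POST to WordPress's `wp-login.php?action=register`, and that both requests come from the same address; the sample lines are constructed.

```python
import re
from datetime import datetime

# Apache common/combined log prefix: client, timestamp, method, path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
# Assumption: registration is a POST to WordPress's standard register endpoint.
REGISTER_MARK = "wp-login.php?action=register"

def parse(line):
    """Return (ip, timestamp, method, path), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def register_then_xmlrpc(lines):
    """Map each client that POSTs to xmlrpc.php after its own registration
    POST to (registration time, first later xmlrpc.php time)."""
    registered, hits = {}, {}
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path = rec
        if method != "POST":
            continue  # viewing the form or fetching a page is not the pattern
        if REGISTER_MARK in path:
            registered.setdefault(ip, ts)
        elif path.split("?")[0].endswith("/xmlrpc.php"):
            first = registered.get(ip)
            if first is not None and ts >= first and ip not in hits:
                hits[ip] = (first, ts)
    return hits

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = [
    '203.0.113.7 - - [06/Sep/2009:20:01:10 +0200] "POST /wp-login.php?action=register HTTP/1.1" 302 -',
    '198.51.100.4 - - [06/Sep/2009:20:01:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 181',
    '192.0.2.9 - - [06/Sep/2009:20:01:20 +0200] "GET /wp-login.php?action=register HTTP/1.1" 200 2210',
    '203.0.113.7 - - [06/Sep/2009:20:01:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 674',
    '192.0.2.9 - - [06/Sep/2009:20:01:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 181',
    'truncated line without a request',
]

if __name__ == "__main__":
    for ip, (reg, rpc) in register_then_xmlrpc(SAMPLE).items():
        print(f"{ip}: registered {reg:%H:%M:%S}, xmlrpc.php {rpc:%H:%M:%S}")
```

A hit is a lead to review alongside the blog's user list, not proof of compromise; legitimate blogging clients also POST to xmlrpc.php.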
