TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

Members
  • Total Members: 3,966
  • Latest: safir45
Stats
  • Total Posts: 195,994
  • Total Topics: 21,325
  • Online today: 602
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 207
  • Total: 207

xmlrpc hacking danger

Started by AVainberg, April 08, 2006, 05:14:43 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

AVainberg

If you have xmlrpc on your server consider removing this script. I get a lot of hackers trying to run this script. It looks like they are able to take control of your machine with this script.  :knuppel2:

TwinsX2Dad

If you're running any recent implementation (1.01-1.06) of XML-RPC, this is absolutely not an issue. What you're interpreting as a 'hacker' is probably a remote function call originating from something you need. Removing it can limit your site's functionality.

XML-RPC is widely supported, with bindings for Python, Perl, Java, C, C++, Tcl, KDE, Zope, AppleScript, Unicode, Microsoft .NET, Ruby, Rebol, Delphi and other languages. If you have anything which needs to make remote process calls through XML, you're probably going to need it on your server.

AVainberg

Thank you for the answer. So far I do not think that I need remote procedure calls. I use only TP & SMF to my understanding there is no xmlrpc in TP. Also xmlrpc is not present in my folder. I just look in the error log files and I see 5-10 calls from IP address around the globe (PL, CZ, JP, USA) and I interpreted this calls to be from hackers. Maybe I am wrong.

This website is proudly hosted on Crocweb Cloud Website Hosting.