Incident Overview

We monitored a brute-force attack in progress against a website and responded by defending against the attacker in real time.

Attack Summary

  • A remote attacker was attempting to brute-force a WordPress website via the file XMLRPC.php.
  • The attacker's IP address was blocked, but soon afterwards they began a second wave from 2 new IP addresses.
  • The website's Apache configuration was modified to block all remote access to the file XMLRPC.php.
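
The monitoring and verification steps above can be reproduced from the web server's access log. The following is an added example, not code from the original engagement: it assumes Apache's combined log format and that blocked requests are answered with 403; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache combined log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.10 - - [01/Jan/2024:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
203.0.113.99 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
192.0.2.44 - - [01/Jan/2024:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
192.0.2.44 - - [01/Jan/2024:10:05:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:20:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
192.0.2.44 - - [01/Jan/2024:10:20:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def xmlrpc_posts(log_text):
    """Map source IP -> ordered list of status codes for POSTs to xmlrpc.php."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        # Case-insensitive match; the write-up spells the name XMLRPC.php.
        if method == "POST" and path.rsplit("/", 1)[-1].lower() == "xmlrpc.php":
            seen[ip].append(int(status))
    return dict(seen)

def flag_sources(posts, threshold=3):
    """Sources with at least `threshold` POSTs to the file: review candidates."""
    return sorted(ip for ip, codes in posts.items() if len(codes) >= threshold)

def still_served(posts):
    """Sources whose most recent POST was not refused with 403."""
    return sorted(ip for ip, codes in posts.items() if codes[-1] != 403)

if __name__ == "__main__":
    posts = xmlrpc_posts(SAMPLE_LOG)
    for ip in flag_sources(posts):
        print(ip, dict(Counter(posts[ip])))
    print("last response not 403:", still_served(posts))
```

An empty result from `still_served` on a fresh log slice indicates the file-level block is being applied to every source, including addresses that were never individually blocked.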

Defence Conclusion

  • Once the file was no longer accessible, the attacker soon gave up trying to access it and the attack ceased.
  • The Apache modifications blocking remote access to the file XMLRPC.php were kept in place, as they had no impact on the website's operation.
  • Client: <<Confidential>>
  • Classification: Cybersecurity
  • Type: Hacking Defence
  • Technology: LAMP