Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

XML/RPC Vulnerability

Parent Feed: 
Jolene Pirrone

Had to delete the xmlrpc.php file that come with Drupal because my host was getting slammed by hack attempts - some successful, some not. The naughty installation was 4.3.3 and I have since upgraded to the 4.6.5 version. (Gee, how did that one slip by?) Should be safe now...

In any event, I have been asked very nicely to not upload these files in the future. Will comply... As a result, Drupal ID logins are now disabled at my website.

However, it took me a while to figure out that this file was also related to the Drupal ID login feature, not just the website directory ping. That's not really clear in the documentation. Here I am making a fool of myself trying to login in to the Drupal Sites directory.

Author: 
jolene
Original Post: 
http://www.advancedwebdesign.com/jolene/8

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web