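WP XML-RPC Attack (Mitigated)

Notice

Today (October 26), starting at around 8:24 AM, the site came under an attack via XML-RPC.
No passwords were leaked and no other damage occurred.
This vulnerability has already been mitigated.
We apologize to all users for the concern this has caused.

Site administrator

Countermeasures were put in place today, so the site will not be subject to this attack again; however, as a precaution, we recommend resetting your password.

Characteristics of this attack
  • Repeated login attempts at high speed (10 or more per second)
  • Every account that has ever authored a post was targeted
  • The site was temporarily (for about 1 minute) hard to reach
  • IP address of the attacking server: 40.115.211.213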
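
The rate described above (10 or more login attempts per second against XML-RPC) can be detected from a web server access log. The following is an added example, not code or log data from this site; it assumes Combined Log Format in chronological order, and the sample lines, date and documentation IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: client IP, timestamp, request method and path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def xmlrpc_bursts(lines, threshold=10, window=timedelta(seconds=1)):
    """Return {ip: peak count of POST /xmlrpc.php inside any `window`}
    for every IP whose peak reaches `threshold`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != "/xmlrpc.php":
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(t)
        # Drop timestamps that have fallen out of the sliding window.
        while t - q[0] >= window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample lines (documentation IPs, constructed date)."""
    fmt = '{ip} - - [01/Jan/2000:08:24:{s:02d} +0900] "{req} HTTP/1.1" 200 674 "-" "-"'
    # 12 XML-RPC POSTs within one second: the pattern to flag.
    lines = [fmt.format(ip="203.0.113.7", s=1, req="POST /xmlrpc.php")
             for _ in range(12)]
    # Occasional XML-RPC use by a legitimate client: below the threshold.
    lines += [fmt.format(ip="198.51.100.20", s=s, req="POST /xmlrpc.php")
              for s in (1, 5, 9)]
    # Fast but unrelated page requests: not XML-RPC, so ignored.
    lines += [fmt.format(ip="198.51.100.21", s=2, req="GET /index.php")
              for _ in range(15)]
    return lines

if __name__ == "__main__":
    for ip, n in xmlrpc_bursts(sample_log()).items():
        print(f"{ip}: {n} POST /xmlrpc.php requests within 1 second")
```

WordPress answers a failed XML-RPC login with HTTP 200 and a fault in the response body, so the request rate rather than the status code is the usable signal in the access log.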

WHOIS lookup result for 40.115.211.213

The record lists Microsoft, US, and so on, but this is not necessarily accurate. (It may be spoofed.)

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 40.115.211.213"
#
# Use "?" to get help.
#

NetRange:       40.74.0.0 - 40.125.127.255
CIDR:           40.74.0.0/15, 40.76.0.0/14, 40.80.0.0/12, 40.124.0.0/16, 40.120.0.0/14, 40.112.0.0/13, 40.96.0.0/12, 40.125.0.0/17
NetName:        MSFT
NetHandle:      NET-40-74-0-0-1
Parent:         NET40 (NET-40-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Microsoft Corporation (MSFT)
RegDate:        2015-02-23
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/40.74.0.0



OrgName:        Microsoft Corporation
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2022-03-28
Comment:        To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment:        * https://cert.microsoft.com.  
Comment:        
Comment:        For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment:        * abuse@microsoft.com.  
Comment:        
Comment:        To report security vulnerabilities in Microsoft products and services, please contact:
Comment:        * secure@microsoft.com.  
Comment:        
Comment:        For legal and law enforcement-related requests, please contact:
Comment:        * msndcc@microsoft.com
Comment:        
Comment:        For routing, peering or DNS issues, please 
Comment:        contact:
Comment:        * IOC@microsoft.com
Ref:            https://rdap.arin.net/registry/entity/MSFT


OrgTechHandle: IPHOS5-ARIN
OrgTechName:   IPHostmaster, IPHostmaster 
OrgTechPhone:  +1-425-538-6637 
OrgTechEmail:  iphostmaster@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/IPHOS5-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080 
OrgTechEmail:  IOC@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/MAC74-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#

Attack log (excerpt)

Login names have been redacted.