Issues with off-line editors

Have feature requests, or found some bugs in WPIDS, the port of PHPIDS? Report them here.


Post by Arbyto on Thu Dec 06, 2007 11:56 am

As far as I know, WordPress uses xml-rpc to interact with offline blog clients. (http://codex.wordpress.org/XML-RPC_Support)
Apparently WPIDS is blocking all external communication between the WordPress blog and the off-line editors through xml-rpc. (http://www.xmlrpc.com/)
- Zoundry blog writer reports this error:
Code:
!!blogpostemodel.Error_downloading_posts___!!!!publishing.xmlrpc_listcats_req_failed!!RpcPublisherError['mt.getCategoryList' type:General Error, code:0 msg:<zpypatch.xmlrpclib.ResponseError instance at 0x0A7B260]

- ScribeFire instead fails silently, not reporting any errors
- Ms Live Writer is probably affected but I'm unable to confirm it.

WPIDS should be able to discriminate between legitimate users that use xml-rpc and bad guys.
It's not easy... maybe it could intercept calls to xml-rpc and check for a username & password that match the ones registered in wp-db?

cheers!

arbyto
Arbyto
 

Re: Issues with off-line editors

Post by Philnate on Wed Dec 26, 2007 9:42 am

Again, thanks Arbyto for letting us know! I'll take a look into that problem, but I can't tell when we'll be able to release a new version which can handle XML-RPC correctly. I'm gonna try to create a patch for you so that you can work with it as a workaround.
Philnate
Site Admin
 
Posts: 78
Joined: Sun Jun 12, 2005 7:54 pm

Re: Issues with off-line editors

Post by Philnate on Wed Mar 12, 2008 10:56 am

Sorry, Arbyto, that it took so long to reply with a solution, but the last months were quite busy for me.
Anyway, I can now present you a solution for your problem with offline writers.
To fix the problem within your current version you need to open the file wp-ids.php.
There you need to search for these lines:
Code:
add_filter('xmlrpc_methods', 'wpld_disabled');

And a bit further down the file for:
Code:
if (ereg_replace("[^a-zA-Z.]", "", basename($_SERVER['PHP_SELF'])) == 'xmlrpc.php') {
  wpids_error('You tried to attack the xmlrpc.php file!');//Disable the Access to XML-RPC, to minimize threat to it.
}


Remove these lines, or comment them out, in order to get your XML-RPC working. Anyway, within the next days a new WPIDS version will be published which comes with a built-in option to enable and disable the XML-RPC block feature. It will be available on http://phpids.org as well as http://blogsecurity.net
Philnate
Site Admin
 
Posts: 78
Joined: Sun Jun 12, 2005 7:54 pm
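
One way to make the XML-RPC block switchable instead of deleting the two snippets, as an added example that is not part of the thread and is not WPIDS code. The function name example_should_block_xmlrpc and the option name example_wpids_block_xmlrpc are assumptions; wpids_error and wpld_disabled are taken from the lines quoted above.

```php
<?php
/**
 * Decide whether the XML-RPC block should reject this request.
 * (Hypothetical helper, not part of WPIDS.)
 *
 * @param string $phpSelf      Value of $_SERVER['PHP_SELF'].
 * @param bool   $blockEnabled Site setting: true keeps XML-RPC blocked.
 * @return bool
 */
function example_should_block_xmlrpc($phpSelf, $blockEnabled)
{
    if (!$blockEnabled) {
        // Block switched off: offline editors may reach xmlrpc.php.
        return false;
    }
    // Same normalisation as the check quoted above, written with
    // preg_replace because ereg_replace was removed in PHP 7.
    $script = preg_replace('/[^a-zA-Z.]/', '', basename($phpSelf));
    return $script === 'xmlrpc.php';
}

if (function_exists('get_option')) {
    // Running inside WordPress: read the setting from the options table.
    // 'example_wpids_block_xmlrpc' is a made-up option name; the default
    // of true keeps the behaviour described in the thread.
    $enabled = (bool) get_option('example_wpids_block_xmlrpc', true);

    if ($enabled) {
        // Only register the method filter while the block is active.
        add_filter('xmlrpc_methods', 'wpld_disabled');
    }
    if (example_should_block_xmlrpc($_SERVER['PHP_SELF'], $enabled)) {
        wpids_error('You tried to attack the xmlrpc.php file!');
    }
} else {
    // Stand-alone run with constructed sample paths.
    $samples = array('/blog/xmlrpc.php', '/blog/index.php');
    foreach ($samples as $path) {
        foreach (array(true, false) as $enabled) {
            printf(
                "%-18s block=%-3s -> %s\n",
                $path,
                $enabled ? 'on' : 'off',
                example_should_block_xmlrpc($path, $enabled) ? 'reject' : 'allow'
            );
        }
    }
}
```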

