ParsePI: PI xmlversion space expected

[gaia]

I just turned on some modsec fetaures, and i got this:

Received From: kvm1->/var/log/httpd/error_log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

body.xml:1: parser error : ParsePI: PI xmlversion space expected

Is this something that needs to be corrected at one of the web applications?

Thanks

[scott]

yeah thats something dumping multiple lines into the error_log at once. You'd have to look at the lines before and after the event to narrow down the source.

[gaia]

The lines are repeatedly the same string, with nothing in between

body.xml:1: parser error : ParsePI: PI xmlversion space expected
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^
body.xml:1: parser warning : xmlParsePITarget: invalid name prefix 'xml'
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^

Is this because of one of the new rules I activated OR was it just a coincidence?

thanks!

[gaia]

I found where it is coming from

https://wordpress.org/support/topic/bod ... e-expected

It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.

[gaia]

Here's more info on how to prevent this when upgrading wordpress is not possible: http://perishablepress.com/wordpress-xm ... erability/

[mikeshinn]

It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.

I forgot to reply to this post, we added in rules for these XML parsing errors. ASL now automatically blocks hosts that cause these.