How did YOU resolve the XMLRPC issue?
As most of you know, many different scripts bundled XMLRPC with their own scripts for a long time... When that XMLRPC hole that allows arbitrary command execution was discovered, every script vendor released patched versions, BUT... all those old installations still have the old XMLRPC bundled.
So how did everyone fix this issue?
Did you force all your customers to update every single script that they had which included XMLRPC (which cannot be done as most people have no idea what they've installed)?
Did you block access to the XMLRPC files using for example mod_security? (like we did)
Did you just close your eyes and hope this issue doesn't affect you somehow and the bad people go away?
I'm really curious as to what everyone did because we get daily hits to the XMLRPC files, from hackers trying to exploit them... But we've blocked access to those files via mod_security because it seemed and seems like the most practical solution. But it's not a long term solution because eventually people will want to use xmlrpc again - and those who've updated their installations will be pissed off because we're still blocking access to xmlrpc via modsec... Hmm? Ideas? Suggestions?