when i worked in webhosting, we dealt with a lot of attacks that used xmlrpc for any number of reasons. 100% of the time when the customer asked if they needed xmlrpc, the answer was no. it's still a horrible function with way too many bugs and bad coding practices to be useful anywhere, so the risks far outweigh any potential benefits.
1 comment
[ 2.2 ms ] story [ 13.7 ms ] thread