The home on the web of Colin Walker.
Find out more on /ident, say /EHLO, or tune in to the daily RSS feed.
2026/02/22#p1
Checking the server logs, I saw a number (a lot) of direct 'POSTs' with no referer.
There were also a plethora of attempts to load classic WordPress attack points:
- wp-admin
- wp-login.php
- xmlrpc.php
Needless to say, these don't exist.
The IP addresses concerned we're all reported as malicious on AbuseIPDB.
I blocked the attack points via .htaccess to reduce load, and am checking for false POSTs before anything else happens.
Better safe than sorry.
