288,493 Requests – How I Spotted an XML-RPC Brute Force from a Weird Cache Ratio (marcindudek.dev)
11 points by taubek 4 days ago
dwedge 2 hours ago
I'm really quickly getting to the point where I can't read LLM posts. I tried because on the face of it this seemed interesting but after the third or fourth tell, I got sick of reading something that a) is 50% longer than it needs to be and b) the author didn't bother to write
fyrn_ 15 minutes ago
The value of writing is found in the density of information and something harder to define, something like 'art' or 'humanity'. This post did not have a good ratio of words to those quantities
VladVladikoff 2 hours ago
What’s the point of Cloudflare if it can’t even filter out the most basic of brute force Wordpress attacks? Also article is trash AI LLM gen content that makes it painful to read.
dwedge an hour ago
> What’s the point of Cloudflare if it can’t even filter out the most basic of brute force Wordpress attacks
Luckily for a one time payment of just $499 the author has a solution at the bottom of the article
eli an hour ago
They have rate limiting rules but they aren't on by default and are separate from the WAF which is mostly stateless.
faangguyindia an hour ago
here's the solution:
static site generator + cf pages.
csomar 19 minutes ago
Unrelated to the article: But am I the only one annoyed by this AI-style writing? The article does actually have value if you are running a WordPress website but these sentences give me nausea:
- That's not a typo. Zero point eight percent.
- don't immediately blame your plugins. Check what's being requested.
- One HTTP request, hundreds of login attempts. That's the amplification. (in bold!)
- So if your cache rate suddenly drops on an otherwise quiet WordPress site, don't immediately blame your plugins. Check what's being requested.
Twirrim 6 minutes ago
They also make no sense. Why would I ever jump to blaming the plugins if the cache rate drops? Particularly for a site hosted behind Cloudflare?