[afnog] Geofeed
Mark Elkins
mark at posix.co.za
Tue Aug 26 10:45:31 UTC 2025
On 2025/08/26 11:45, sm+afrinic at elandsys.com wrote:
> Dear Mr Chirwa,
>
> There were 20 HTTP requests to a web server, e.g. "GET
> /2019/wp-includes/wlwmanifest.xml HTTP/1.1" It looks like the client
> was probing the web server for Microsoft's Windows Live Writer
> support. The requests originated from 196.251.114.163. The AFRINIC
> records for the IP address range are as follows:
For what it is worth, on my main customer WEB server which has a few
customer web systems, I have a customised 404.php program that when a
page can not be found, checks to see if the 404 error is an atypical
WordPress file or path (e.g. "wp-include" ) and records the originators
IP address in a Database. If I see more than five such probes within a
minute, I block that IP address from further access. This should make it
more difficult for a bad actor to compromise a WordPress security
vulnerability and potentially infiltrate the customers Website.
Most probes I block seem to come from the USA, Russia or far east
countries, although Nigeria is also pretty well represented.
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
Posix Systems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20250826/cc7a651a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abessive_logo.jpg
Type: image/jpeg
Size: 6410 bytes
Desc: not available
URL: <http://www.afnog.org/pipermail/afnog/attachments/20250826/cc7a651a/attachment.jpg>
More information about the afnog
mailing list