288,493 Requests – How I Spotted an XML-RPC Brute Force from a Weird Cache Ratio

13 points
5 days ago
by taubek

Comments


dwedge

I'm really quickly getting to the point where I can't read LLM posts. I tried because on the face of it this seemed interesting, but after the third or fourth tell, I got sick of reading something that a) is 50% longer than it needs to be and b) the author didn't bother to write.

a day ago

bblb

>50% longer than it needs to be

Humans are good at distilling the word salads into actually coherent and useful bits of information. That's about the only thing left for us that we are good at. The machines will eventually catch up, and the AI slop blog writer agents will get good enough, so that 99.9% of all text content on the Internet will be machine generated.

a day ago

VladVladikoff

What’s the point of Cloudflare if it can’t even filter out the most basic of brute force WordPress attacks? Also, the article is trash AI LLM gen content that makes it painful to read.

a day ago

dwedge

> What’s the point of Cloudflare if it can’t even filter out the most basic of brute force WordPress attacks

Luckily, for a one-time payment of just $499 the author has a solution at the bottom of the article.

a day ago

eli

They have rate limiting rules, but they aren't on by default and are separate from the WAF, which is mostly stateless.

a day ago

faangguyindia

Here's the solution:

Static site generator + CF Pages.

a day ago

ameliaquining

I agree that this is good for many greenfield use cases, but there's a big WordPress ecosystem out there and it includes some stuff that's not compatible with SSG.

a day ago

fyrn_

The value of writing is found in the density of information and something harder to define, something like 'art' or 'humanity'. This post did not have a good ratio of words to those quantities.

a day ago

csomar

Unrelated to the article: but am I the only one annoyed by this AI-style writing? The article does actually have value if you are running a WordPress website, but these sentences give me nausea:

- That's not a typo. Zero point eight percent.

- don't immediately blame your plugins. Check what's being requested.

- One HTTP request, hundreds of login attempts. That's the amplification. (in bold!)

- So if your cache rate suddenly drops on an otherwise quiet WordPress site, don't immediately blame your plugins. Check what's being requested.

a day ago

Twirrim

They also make no sense. Why would I ever jump to blaming the plugins if the cache rate drops? Particularly for a site hosted behind Cloudflare?

a day ago

csomar

It's AI-expanded slop. The whole article could have been a 200-word piece.

a day ago