Fresh Hacker News | 288,493 Requests – How I Spotted an XML-RPC Brute Force from a Weird Cache Ratio

▲288,493 Requests – How I Spotted an XML-RPC Brute Force from a Weird Cache Ratio(marcindudek.dev)

12 points by taubek 3 days ago | 4 comments

▲dwedge 3 hours ago

I'm really quickly getting to the point where I can't read LLM posts. I tried because on the face of it this seemed interesting but after the third or fourth tell, I got sick of reading something that a) is 50% longer than it needs to be and b) the author didn't bother to write

▲bblb 1 hour ago

>50% longer than it needs to be

Humans are good at distilling the word salads into actually coherent and useful bits of information. That's about the only thing left for us that we are good at. The machines will eventually catch up, and the AI slop blog writer agents will get good enough, so that 99.9 % of all text content on the Internet will be machine generated.

▲fyrn_ 1 hour ago

The value of writing is found in the density of information and something harder to define, something like 'art' or 'humanity'. This post did not have a good ratio of words to those quantities

▲VladVladikoff 3 hours ago

What’s the point of Cloudflare if it can’t even filter out the most basic of brute force Wordpress attacks? Also article is trash AI LLM gen content that makes it painful to read.

▲dwedge 2 hours ago

> What’s the point of Cloudflare if it can’t even filter out the most basic of brute force Wordpress attacks

Luckily for a one time payment of just $499 the author has a solution at the bottom of the article

▲eli 2 hours ago

They have rate limiting rules but they aren't on by default and are separate from the WAF which is mostly stateless.

▲faangguyindia 2 hours ago

here's the solution:

static site generator + cf pages.

▲ameliaquining 28 minutes ago

I agree that this is good for many greenfield use cases, but there's a big WordPress ecosystem out there and it includes some stuff that's not compatible with SSG.

▲csomar 1 hour ago

Unrelated to the article: But am I the only one annoyed by this AI-style writing? The article does actually have value if you are running a WordPress website but these sentences give me nausea:

- That's not a typo. Zero point eight percent.

- don't immediately blame your plugins. Check what's being requested.

- One HTTP request, hundreds of login attempts. That's the amplification. (in bold!)

- So if your cache rate suddenly drops on an otherwise quiet WordPress site, don't immediately blame your plugins. Check what's being requested.

▲Twirrim 1 hour ago

They also make no sense. Why would I ever jump to blaming the plugins if the cache rate drops? Particularly for a site hosted behind Cloudflare?

▲csomar 1 hour ago

It's AI-expanded slop. The whole article could have been a 200 words piece.