On Fri, 19 Oct 2018, Alex wrote:

Should we be adding 3 points for just this, or is there never a reason
users should be using /wp-admin in their URLs?

Oct 19 09:33:11.561 [1299] dbg: rules: ran uri rule __URI_WPADMIN
======> got hit: "/wp-admin/images/"

The rule description says possible phishing, but how would an end-user
be in a position to create a public link that involves their WP admin
directory in the first place?

It's generally a sign of a hacked server.

However, 3 points may be extreme given it's hitting only 0.0280% of spam

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  One death is a tragedy; thirty is a media sensation;
  a million is a statistic.              -- Joseph Stalin, modernized
-----------------------------------------------------------------------
 568 days since the first commercial re-flight of an orbital booster (SpaceX)

Reply via email to