On Fri, 19 Oct 2018, Alex wrote:
Should we be adding 3 points for just this, or is there never a reason
users should be using /wp-admin in their URLs?
Oct 19 09:33:11.561 [1299] dbg: rules: ran uri rule __URI_WPADMIN
======> got hit: "/wp-admin/images/"
The rule description says possible phishing, but how would an end-user
be in a position to create a public link that involves their WP admin
directory in the first place?
It's generally a sign of a hacked server.
However, 3 points may be extreme given it's hitting only 0.0280% of spam
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
One death is a tragedy; thirty is a media sensation;
a million is a statistic. -- Joseph Stalin, modernized
-----------------------------------------------------------------------
568 days since the first commercial re-flight of an orbital booster (SpaceX)