<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 2025/08/26 11:45,
<a class="moz-txt-link-abbreviated" href="mailto:sm+afrinic@elandsys.com">sm+afrinic@elandsys.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:6.2.5.6.2.20250826014323.090f2c50@elandsys.com">Dear Mr
Chirwa,
<br>
<br>
There were 20 HTTP requests to a web server, e.g. "GET
/2019/wp-includes/wlwmanifest.xml HTTP/1.1" It looks like the
client was probing the web server for Microsoft's Windows Live
Writer support. The requests originated from 196.251.114.163.
The AFRINIC records for the IP address range are as follows:
<br>
</blockquote>
<br>
<p>For what it is worth, on my main customer WEB server which has a
few customer web systems, I have a customised 404.php program that
when a page can not be found, checks to see if the 404 error is an
atypical WordPress file or path (e.g. "wp-include" ) and records
the originators IP address in a Database. If I see more than five
such probes within a minute, I block that IP address from further
access. This should make it more difficult for a bad actor to
compromise a WordPress security vulnerability and potentially
infiltrate the customers Website.</p>
<p>Most probes I block seem to come from the USA, Russia or far east
countries, although Nigeria is also pretty well represented.<br>
</p>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<p>Mark James ELKINS - Posix Systems - (South) Africa<br>
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: <a href="tel:+27826010496">+27.826010496</a><br>
For fast, reliable, low cost Internet in ZA: <a
href="https://ftth.posix.co.za">https://ftth.posix.co.za</a><br>
<br>
<img moz-do-not-send="false"
src="cid:part3.8A061ECA.721F46C9@posix.co.za" alt="Posix
Systems" width="250" height="165"><br>
</p>
</div>
</body>
</html>