Press "Enter" to skip to content

We See You – Targeted Scanning Detected

By Kieron JH on August 1, 2025 6:51 pm

Posted by Kieron JH | The Reasonable Times | 1 August 2025

Not Just Noise

At around 5 PM on August 1st, we detected a sharp burst of suspicious activity against our website. On the surface, it could look like just another wave of bot traffic – but this wasn’t random noise. This was focused. Deliberate. Timed. And more importantly, it was caught.

What We Found

  • Multiple requests to /xmlrpc.php and /?author=1 – classic brute-force and enumeration paths
  • Attempts to access .env, .git, /config/aws.json – high-risk file paths used in scanning
  • Probes on /wp-json/wp/v2/users and /wp-login.php – endpoints associated with recon and access attempts
  • Hit patterns matching honeypots we embedded specifically for this purpose

Many of the requests came from Microsoft Azure and DigitalOcean cloud IP ranges. Most had no referrer, minimal or faked user-agent strings, and were tightly grouped around end-of-day work hours.

Is It Just Plugins?

We considered that possibility. Could this traffic be from legitimate WordPress plugins? The answer: no.

Plugins don’t try to access configuration files. Plugins don’t scan for .git folders or /.env files. And they certainly don’t repeatedly hit our honeypots without ever visiting a visible page first. This traffic was automated – but someone had to configure it. Someone with a reason to monitor our content and our infrastructure.

So Who’s Watching?

We won’t speculate too far – but we will say this. We’ve recently raised serious allegations involving disability discrimination, safeguarding concerns, and potential data protection violations against a publicly funded employment charity. That charity and its associates have reason to be nervous. These scans started around the same time our complaints escalated to MPs and public funders. The pattern speaks for itself.

Our Response

  • Wouldn’t you like to know? 🙂

If you’re the one watching: we see you. We know your methods, your infrastructure, and your timing. Keep probing – we’ll keep logging.

All logs and evidence are retained. This article may be updated as our investigation continues.

Published in Articles

More from ArticlesMore posts in Articles »

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *