Trying to get my head around how we might be able to use Crowdsec to protect a few different sites that we host for clients. For example, we were getting 3-5 requests a second for a few hours on a couple of wordpress sites like this:
xxx.xxx.xxx.xxx - - [17/Aug/2021:16:10:08 +0000] "POST /xmlrpc.php HTTP/1.1" 405 755 "-" "curl/7.30.0"
Is there an out of the box scenario for detecting things like this?
Or would it make a good contribution to the wordpress bf scenario?
Any thoughts appreciated.