If you found this site, welcome. I’ve been telling people I’d eventually write something here. Turns out all it took was someone poking at my server in the middle of the night, twice, to finally make it happen.
Here’s what happened: Ghost, the platform this blog runs on, exposes a member signup API endpoint by default, even when signups aren’t publicly available through the UI. Over two consecutive nights, someone hit that endpoint directly. The first attempt came from a Tor exit node in the Netherlands and used a dummy test address. The second, also in the middle of the night, used a disabled AOL address pulled from what was almost certainly a breach database. A dead mailbox makes a convenient mail relay test target because the SMTP transaction completes but nobody actually receives anything.
Both times, my server sent the email. That’s the part that matters to them, confirming the relay works.
The fix was straightforward once I knew what I was looking at. Endpoint’s closed now.
Anyway. Hi. The site’s real, I’m going to actually write things here, and apparently it only took a couple of drive-by script kiddies to make that happen.
Sunday, 12 April 2026
Monday, 8 December 2025
# 👋🏻 hi there
Don’t expect much here, other than the ramblings of someone who occasionally feels the need to smash keys and click post.