Guys, for starters, limit access to admin parts of the revive, and more importantly, filter out POST requests from unknown IP addresses. If somebody is under attack and is able to collect access logs for POST request and payloads, that would be just great.