You are not supposed to be here — but nonetheless, you are.

This page is shown when repeated or suspicious access attempts are detected. The activity is recorded and will be reviewed by our security team.

Observed client IP
Detecting…
Time (UTC)
Incident ID

To the person attempting access: your persistence is noted. For clarity:

  • We record successful and failed access attempts with timestamps, client IPs and headers.
  • Logs are retained and may be escalated to our incident response team and, if warranted, shared with upstream providers or law enforcement.
  • If you are an authorised administrator and believe this is an error, contact the site owner through official channels — do not attempt more login attempts.
This activity is logged Further attempts may be reported
Notes for IT / security professionals
Server-side logging includes remote address, X-Forwarded-For, X-Real-IP, TLS client subject (if provided), and request headers. If you use reverse proxies or load balancers, ensure correct header preservation and trusted proxy configuration. Example checks:
  1. Check X-Forwarded-For and chain length to find original client IP.
  2. Validate that proxy trust is configured so your app doesn't accept forged headers from the Internet.
  3. Review rate-limiting, fail2ban / blocklist entries, and WAF logs for correlated events.
If you deploy this page, replace the placeholder incident ID with your own generated token and ensure the HTTP response code is appropriate (e.g. 401 or 403).