Originally Posted by till
You might want to install fail2ban to block such attacks automatically.
I shall take a look at that and see how difficult it might be to integrate into the existing configuration. For the time being, I merely blocked the IP address from which that attack originated.
But being able to monitor server activity in real-time (especially in an extremely low-volume setting like this) would help to identify problems one might otherwise not be aware of.
Thanks for the recommendation and I'll definitely look into it.