Auth attack through Zapier integration

Hi there,

We have a self-hosted Ghost instance (running really well, I like it, thx!) and today I got 45 emails from the Ghost engine, saying that the Zapier integration failed. We don’t have any Zapier integrations set up.

Because of the URL-s the calls tried to reach, I think someone tried to attack the site authentication. (Failed request URL: /resources/ghost/api/canary/admin/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e//etc/passwd)

Have you ever experienced something similar? Is there a way to close the Zapier port/connection?