My girlfriend was just looking at her stats and noticed a referrer she didn't know: /xml-rpc, not really a referrer! The strange thing is that /xml-rpc is also on top of the list with files use by kbyte. She's on 2.6.2 and has xml-rpc publishing disabled.
Is this some kind of hack attempt with an old WP vulnerability? I don't like either note in her stats (referrer?, largest file?).
Any ideas anyone?