Allowing users to create URLs at the site root will cause a lot of issues long term.
First is that it opens up attack vectors such as this attempt.
Second is having to steam-roll posts to add new features at URLs that are in use. If you do add a .well-known directory you'll need to remove that post for example.
Moving posts to be under /post/:id the same as users being under /user/:id would prevent both of these issues.
Rather than doing that, my thoughts right now are to actually move all admin elements under admin.non.io or settings.non.io, and to only allow modification of user settings from those domains.
I agree there's a vector for abuse, but I also believe that if posts are eventually a paid-only privilege, moderation of these abuses will be far easier. Will definitely revisit this if it becomes a problem.
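
The collision discussed in this thread, as an added example that is not non.io's code: a minimal resolver comparing posts served at the site root with posts served under /post/:id. The route list, function names and sample slugs are assumptions constructed for illustration.

```javascript
// Hypothetical first path segments the site serves itself, now or later.
const SITE_ROUTES = new Set(["user", "login", ".well-known"]);

// First path segment, lower-cased: "/.Well-Known/x" -> ".well-known".
function firstSegment(path) {
  const seg = path.split("?")[0].split("/").filter(Boolean)[0] || "";
  return decodeURIComponent(seg).toLowerCase();
}

// Flat scheme: posts live at /:slug, in the same namespace as site routes.
// Site routes win here, so a post with a clashing slug becomes unreachable.
function resolveFlat(path, postSlugs) {
  const seg = firstSegment(path);
  if (SITE_ROUTES.has(seg)) return { owner: "site", shadowedPost: postSlugs.has(seg) };
  if (postSlugs.has(seg)) return { owner: "post", id: seg };
  return { owner: "none" };
}

// Namespaced scheme: posts live only at /post/:id, so no slug can clash.
function resolveNamespaced(path, postSlugs) {
  const parts = path.split("?")[0].split("/").filter(Boolean).map(decodeURIComponent);
  if (parts[0] === "post" && parts.length === 2) {
    return postSlugs.has(parts[1]) ? { owner: "post", id: parts[1] } : { owner: "none" };
  }
  if (SITE_ROUTES.has((parts[0] || "").toLowerCase())) return { owner: "site", shadowedPost: false };
  return { owner: "none" };
}

// Audit helper: which existing posts block these planned root routes?
function postsBlockingRoutes(postSlugs, plannedRoutes) {
  return plannedRoutes.filter((r) => postSlugs.has(r.toLowerCase()));
}

// Constructed sample data: slugs users have already claimed as posts.
const posts = new Set(["hello-world", ".well-known", "login"]);
console.log(resolveFlat("/.well-known/security.txt", posts));
console.log(resolveNamespaced("/post/.well-known", posts));
console.log(postsBlockingRoutes(posts, [".well-known", "login", "settings"]));
```

In the flat scheme every new site route needs the audit step first; in the namespaced scheme the audit is always empty because user-chosen names never occupy the first path segment.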