Russian Hackers

Today while reviewing my server’s Error Log, it was interesting to see that all of the following keywords were used in rapid succession, each of them repeated between 4 and 11 times, finishing in 14 seconds, and all having been sent to my server by the same IP address:

admin
admin.php
administrator
authenticating.php
beta
bitrix
blog
cache
cli
components
configbak.php
configuration.php
configurationbak.php
CONFIGURATIONS.php
conn.php
controller.php
cppr.php
d.php
dir.php
dump.php
flash
functions.php
getFile.php
getgg.php
hello.php
images
includes
includes.php
index.php
joomla-resize.php
layouts
license.php
libraries
logs
manager
media
menu.php
modules
modx.php
monitor
move2.php
natro
path.php
plugins
popup-pomo.php
positivessl
proizvoditelej.php
psyco.php
redirect.php
rss.php
sql_debug.php
sql_dump.php
sqlbak.php
src
temp0
templates
tmp
tmp.php
typo3
upload.php
webconfig.txt.php
wordpress
wosss.php
wp
wp-back.php
wp-content
wp-datas.php
wp-includes
wp-login.php
wp-mailback.php
xGASSx.php
xGx.php
xmlrpc.php
xmlsrpc.php
xxx123456_wp-datas.php

Clearly an automated hacking server sent the above. Not sure why some commands were repeated up to 11 times each. I would think that once my server generated a 404 that would be a pretty strong message to the hacking server that my server doesn’t have what they are looking for. Or perhaps this is a mild form of a DoS attack?

Note that those commands were not sent in alphabetical order. I sorted them that way above for clarity. And I mention this because if any of you have filenames such as these on your server, take note that someone out there is looking closely for them!

–James W.
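
A log check for the pattern described in the post above, as an added example that is not part of the original message: it flags any client that requests many different missing paths within a short window, counting distinct paths so the repeated probes are not double counted. The Common Log Format input, the 30-second window, the 5-path threshold, the sample lines and the name `find_scanners` are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed input: Common Log Format, ip - - [time] "METHOD path PROTO" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def find_scanners(lines, window=timedelta(seconds=30), min_paths=5):
    """Return {ip: sorted distinct 404 paths} for every client that asked for
    at least min_paths different missing paths inside one sliding window."""
    hits = defaultdict(list)                      # ip -> [(timestamp, path)]
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "404":
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(1)].append((ts, m.group(3)))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            # Count distinct paths so repeated probes do not inflate the score.
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample (documentation IP ranges); paths borrowed from the list above.
PROBES = ["/admin.php", "/wp-login.php", "/sql_dump.php",
          "/configbak.php", "/xmlrpc.php", "/upload.php"]
SAMPLE = [f'203.0.113.7 - - [12/Mar/2024:10:00:{i:02d} +0000] '
          f'"GET {p} HTTP/1.1" 404 196' for i, p in enumerate(PROBES * 2)]
SAMPLE += [  # an ordinary visitor with a single stray 404
    '198.51.100.20 - - [12/Mar/2024:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196',
    '198.51.100.20 - - [12/Mar/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(f"{ip}: {len(paths)} distinct missing paths: {', '.join(paths)}")
```

A flagged address is a candidate for rate limiting or a temporary block; the thresholds need tuning against the site's normal 404 rate.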


offtopic mailing list