Joss Posted December 4, 2015
On one site I added a little bit of code to just keep track of page visits. For fun, I also added it to the 404 page. Over the last month I have had over 1000 hits to the 404, which made me wonder who was getting my site addresses so wrong. Obviously, this is a terribly coarse tool and does not tell me anything other than that it is being hit. So, being curious, I chucked an email at the hosting provider, asking them if they had a clue from their logs (I am terrible at reading logs). Yes, they said. The vast majority of 404s are being caused by people trying to hit the following page: mydomain.com/wp-admin
Now, what a surprise!
tpr Posted December 4, 2015
Looks like a great place to place ads
Joss Posted December 4, 2015
> Looks like a great place to place ads
For ProcessWire, of course....
Joss Posted December 4, 2015
Actually, perhaps ProcessWire should come with optional pages for wp-admin and a couple of other WordPress standards that are nicely written and polite. "Should have chosen ProcessWire."
tpr Posted December 4, 2015
There was a similar discussion here in the forums which I can't find now; someone even suggested a module for this purpose.
Joss Posted December 4, 2015
Good idea, though to be in keeping with the joke the module would have to demand weekly updates to avoid catastrophic bugs.
Mike Rockett Posted December 5, 2015
> There was a similar discussion here in the forums which I can't find now, someone even suggested a module for this purpose
> Actually, perhaps Processwire should come with optional pages for wp-admin and a couple of other WordPress standards that are nicely written and polite. "Should have chosen Processwire."
Granted, my solution here is not very polite, but the methodology is there. ;-)
MuchDev Posted December 5, 2015
I'm a fan of a good sarcastic gif, or better yet
kixe Posted December 6, 2015
Handy tools:
log your 404s with http://modules.processwire.com/modules/process404-logger/
edit redirects (includes a hitcounter) with http://modules.processwire.com/modules/process-redirects/
or (wildcard redirects possible, like wp-*) http://modules.processwire.com/modules/process-jumplinks/
Mike Rockett Posted December 6, 2015
> or (wildcard redirects possible like wp-*) http://modules.processwire.com/modules/process-jumplinks/
It's actually wp-{all} or, to be more specific, wp-<admin|content|login|includes>{all}. The point of my previous post was to make a special wildcard, perhaps called {wordpress}, for easy redirection to something funny.
Joss Posted December 6, 2015
Kixe, I have installed your logger, so it will be interesting to see what it kicks out. I know wp-admin is the most common one, but I don't think it is all of them. Nice tool.
OrganizedFellow Posted December 10, 2015
You should create a 'wp-login' page and log all the attempted usernames and passwords. This guy has a great idea!! http://www.korn19.ch/coding/wordpress_logins.php
MatthewSchenker Posted December 10, 2015
Greetings,
Hmm... Everyone run a check. After reading this, I took a look at some logs on a few of my own projects, and what do you know: several hits on /[domain]/wp-admin. Joss may have stumbled onto a poke-wp opportunity. Maybe we could start a movement among all non-wp CMSs to redirect such requests to a particular WordPress page. That would be mean, of course, potentially increasing their site visits overnight by millions of hits.
Thanks,
Matthew
Joss Posted December 10, 2015
Just a cursory glance at the logs shows mostly wp-login, attempting to find it in various places: /wp/ or /wordpress/ or /news/blog/ and so on. Actually, it is probably a pretty authoritative list of the most common places people install WordPress. I get the odd other wp- files and then also quite a few attempted hits on jquery.js (in places where I don't have it, of course).
The IP addresses tend to be mostly Delhi with some Ukraine and one repetitive address in Tulsa. IP address 67.20.55.130 was having a good hunt around for vBulletin last night and also looking for bigdump.php and a couple of backup.sql scripts. So, this is also proving to be a list of file names you should not have in your web accessible hierarchy because they are searched out by intruders.
I have blocked a couple of the IP addresses on cPanel for interest and there was less activity in the last 24 hours, though I suspect that could prove a full time occupation if one were not careful. It almost needs an automated script that says: "If an IP address attempts to find a file name from a blacklist more than N number of times, then block IP".
So, in our cases, we would put on the blacklist common files from Drumalpress and a couple of forums, plus some things like backup.php which we do not have. It would need to be domain name specific, of course, or you could end up blocking yourself!
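The automated rule sketched in the post above ("if an IP asks for N blacklisted file names, block it"), as an added example in Python that is not part of this thread and not ProcessWire code. It reads Apache/nginx combined-format access-log lines, counts only 404 responses whose path matches a probe list, measures the burst inside a sliding time window rather than over all time, keeps a never-block list so the site owner cannot lock themselves out, and emits an Apache 2.4 deny fragment. The log lines, IP addresses (documentation ranges) and probe patterns are constructed for the example; the patterns are a starter list taken from the paths mentioned in the thread, not a vetted signature set.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line, e.g.
# 203.0.113.5 - - [10/Dec/2015:03:14:07 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Probe signatures: paths this site does not serve but scanners ask for.
# Hypothetical starter list drawn from the paths reported in the thread;
# tailor it per site and never list a path the site actually serves.
PROBE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r'(^|/)wp-(admin|login|content|includes)(/|\.php|$)',
    r'/xmlrpc\.php$',
    r'/bigdump\.php$',
    r'/(backup|dump|db|database)\.sql$',
    r'/vbulletin_global\.js$',
    r'/fckeditor/editor/',
    r'/utility/convert/',
)]


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    # Drop the query string and collapse repeated slashes so /blog//wp-login.php still matches.
    rec['path'] = re.sub(r'/+', '/', rec['path'].split('?', 1)[0])
    return rec


def is_probe(path):
    return any(p.search(path) for p in PROBE_PATTERNS)


def find_probing_ips(lines, threshold=3, window=timedelta(hours=1), never_block=frozenset()):
    """Map ip -> largest number of probe 404s it made inside any span of length `window`,
    for every ip that reached `threshold`. Only 404s count, so a real page that happens to
    match a pattern never contributes; `never_block` protects your own addresses."""
    stamps_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec['status'] != 404 or not is_probe(rec['path']):
            continue
        stamps_by_ip[rec['ip']].append(rec['ts'])

    offenders = {}
    for ip, stamps in stamps_by_ip.items():
        if ip in never_block:
            continue
        stamps.sort()
        start, burst = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            offenders[ip] = burst
    return offenders


def apache_block_snippet(offenders):
    """Apache 2.4 .htaccess fragment denying the offending IPs (one way to apply the result)."""
    lines = ['<RequireAll>', '    Require all granted']
    lines += ['    Require not ip %s' % ip for ip in sorted(offenders)]
    lines.append('</RequireAll>')
    return '\n'.join(lines)


# Constructed sample log using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2015:03:14:07 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2015:03:14:08 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2015:03:14:09 +0000] "GET /blog//wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2015:03:15:30 +0000] "GET /forum/bigdump.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2015:03:20:00 +0000] "GET /about-us/ HTTP/1.1" 404 1833 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2015:03:20:05 +0000] "GET /about/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Dec/2015:04:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 209 "-" "-"
192.0.2.9 - - [10/Dec/2015:09:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 209 "-" "-"
192.0.2.9 - - [10/Dec/2015:14:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [10/Dec/2015:05:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.47.0"
192.0.2.10 - - [10/Dec/2015:05:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.47.0"
192.0.2.10 - - [10/Dec/2015:05:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.47.0"
"""


def analyse_sample():
    # 192.0.2.10 stands in for the site owner's own address (the "don't block yourself" case);
    # 192.0.2.9 probes three times but hours apart, so it never reaches 3 inside one hour.
    return find_probing_ips(SAMPLE_LOG.splitlines(), threshold=3, never_block={'192.0.2.10'})


if __name__ == '__main__':
    hits = analyse_sample()
    print(hits)                      # {'203.0.113.5': 4}
    print(apache_block_snippet(hits))
```

In practice this is the job a fail2ban jail with a custom filter does (N matches inside findtime, then a firewall ban for bantime), so the script is mainly useful for reviewing a log after the fact. The two points worth carrying into whatever you deploy are counting 404s only, so a page that genuinely exists never contributes even if a pattern happens to match it, and an explicit never-block list for your own and your client's addresses.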
LostKobrakai Posted December 10, 2015
> Joss may have stumbled onto a poke-wp opportunity. Maybe we could start a movement among all non-wp CMSs to redirect such requests to a particular WordPress page. That would be mean, of course -- potentially increasing their site visits overnight by millions of hits.
This would make you no better than any DDoS botnet, but maybe we can create a crazy performant site which does log all prevented WordPress login/hack attempts (redirect or via some kind of API). Then a few statistics about it and we've got some good marketing material for ProcessWire.
Joss Posted December 10, 2015
Just for interest, I wonder how many PW users rename their admin? I always do, normally something relating to the site. So, if I had joss.com (which I don't!) I would create jsadmin or something. I vary the system quite a lot, but it is useful to keep it vaguely memorable for client sites.
The ability to rename admin I think is a particularly neat security feature in PW. It might not be uber-powerful, but it is so simple and just creates a nice little hurdle for bots to trip over.
rick Posted December 10, 2015
Since we have a new security forum, why not post a topic containing the IPs and related files there, where we can all benefit from a pseudo-'blacklist'?
Joss Posted December 10, 2015
That could end up a long list!
Craig Posted December 10, 2015
> Just for interest, I wonder how many PW users rename their admin?
I do. But I always use the same consistent name, which works well a) for me when I come back to a site I built years ago, and b) for other team members at work so they know where to go.
Joss Posted December 10, 2015
Yes, I have always been very good at telling people where to go. Not ever done it via an admin address though....
Mike Rockett Posted December 10, 2015
> Just for interest, I wonder how many PW users rename their admin? I always do, normally something relating to the site. So, if I had joss.com (which I don't!) I would create jsadmin or something. I vary the system quite a lot, but useful to keep it vaguely memorable for client sites. The ability to rename admin I think is a particularly neat security feature in PW. It might not be uber-powerful, but is so simple and just creates a nice little hurdle for bots to trip over.
Yeah, I always rename the admin area. Lately, I've started making it 'siteadministration-', followed by their randomised five-digit account reference tag. So, for example: abcaccounting.co.za/siteadministration-f851z. For ease of reference, I ask them to bookmark the URL so they need not remember it. Also building a Client Centre for my clients so that they have access to the URL, should they lose the bookmark. (Client Centre also handles their cPanel email management etc.)
Joss Posted January 6, 2016
Just been having a peek at my 404 logs. Various WordPress files are featuring very highly, but also many attempts to find my jquery.js file. Another one that comes up a lot is /utility/convert/data/config.inc.php and variations. What is that from?
But by far the most popular are wp-XX files. It shows that if you have a WordPress site, you WILL get hundreds of attempts to take it down each day, even on your little-visited blog. How comforting ...
cstevensjr Posted January 6, 2016
> Another one that comes up a lot is /utility/convert/data/config.inc.php and variations. What is that from?
I believe this is also associated with trying to access WP sites.
Joss Posted January 6, 2016
Didn't know they had a utility directory.
horst Posted January 6, 2016
I have some more different ones in my collection:
/admin.php
/admin/actualites4/editor/fckeditor.html
/admin/assetmanager/assetmanager.asp
/admin/assetmanager/assetmanager.aspx
/admin/assetmanager/assetmanager.php
/admin/assetmanager/default.asp
/admin/backup.sql
/admin/backup/backup.sql
/admin/backup/db.sql
/admin/backup/dump.sql
/admin/bigdump.php
/admin/classes/components/formattedTextArea/fckeditor/editor/fckeditor.html
/admin/Cms_Wysiwyg/directive/index/
/admin/common/editor/assetmanager/assetmanager.php
/admin/database.sql
/admin/db.sql
/admin/default_image.asp
/admin/default_image.aspx
/admin/dump.sql
/admin/dump/bigdump.php
/admin/edit/default_image.asp
/admin/edit/default_image.aspx
/admin/editor
/admin/Editor/assetmanager/assetmanager.asp
/admin/Editor/assetmanager/assetmanager.aspx
/admin/editor/assetmanager/assetmanager.php
/admin/editor/default_Image.asp
/admin/editor/default_Image.aspx
/admin/editor/dialogs/dialog.php
/admin/editor/editor/
/admin/editor/fckeditor.html
/admin/EDITOR/RTE_popup_file_atch.asp
/admin/editors/fckeditor/editor/fckeditor.html
/admin/fck/editor/fckeditor.html
/admin/FCKeditor/editor
/admin/fckeditor/editor/
/admin/fckeditor/editor/fckeditor.html
/admin/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/admin/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
/admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
/admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp
/admin/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx
/admin/FCKeditor/editor/filemanager/connectors/php/connector.php
/admin/fckeditor/editor/filemanager/connectors/php/upload.php
/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
/admin/fckeditor_ap/editor/fckeditor.html
/admin/fckeditor1/editor/fckeditor.html
/admin/inc/scripts/assetmanager/assetmanager.asp
/admin/include/uploadTester.asp
/admin/includes/rte/editor/fckeditor.html
/admin/is_editor/assetmanager/assetmanager.php
/admin/js/fckeditor/editor/
/admin/libexterne/fckeditor/editor/fckeditor.html
/admin/MembersAreaManager/components/Editor/assetmanager/assetmanager.asp
/admin/panel/fckeditor/fckeditor.html
/admin/produtos/fckeditor/editor/fckeditor.html
/admin/rte/RTE_popup_file_atch.asp
/admin/rte_popup_file_atch.asp
/admin/SiteEngineManager/components/Editor/assetmanager/assetmanager.asp
/admin/SiteEngineManager/components/Editor/assetmanager/assetmanager.aspx
/admin/spaw/dialogs/dialog.php
/admin/spaw2/dialogs/dialog.php
/admin/system/editor/fckeditor/editor/fckeditor.html
/admin/templates/editor/fckeditor.html
/admin/templates/fckeditor/editor/fckeditor.html
/admin/uploadarticles/uploadTester.asp
/admin/uploadTester.asp
/admin/view/javascript/fckeditor/editor/fckeditor.html
/admin/wp-login.php
/admin/WYSIWYGeditor/assetmanager/assetmanager.aspx
/administrator/
/administrator/components/com_joomlaupdate/restore.php
/administrator/Editor/assetmanager/assetmanager.asp
/administrator/editors/fckeditor/fckeditor.html
/administrator/fckeditor/editor/fckeditor.html
/administrator/fckeditor1/editor/fckeditor.html
/administrator/index.php
/administrator/php/editor/fckeditor.html
/administrator/SiteEngineManager/components/Editor/assetmanager/assetmanager.asp
/app/resources/javascript/FCKeditor/2.3.1/editor/fckeditor.html
/app/webroot/js/fckeditor/editor/fckeditor.html
/apps/ecms/scripts/Editor/assetmanager/assetmanager.php
/archive/
/assets/fckeditor/editor/filemanager/connectors/uploadtest.html
/assets/includes/fckeditor/editor/fckeditor.html
/assets/js/fckeditor/editor/fckeditor.html
/backup/backup.sql
/backup/bigdump.php
/backup/bigdump/bigdump.php
/backup/dump.sql
/bbs/convert/index.php
/bbs/utility/convert/index.php
/blog/
/blog/admin/FCKeditor/editor/fckeditor.html
/blog/FCKeditor/editor/fckeditor.html
/blog/robots.txt
/blog/wp-admin/setup-config.php
/blog/wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/fckeditor.html
/blog/wp-login.php
/cart/admin/htmleditor/editor/fckeditor.html
/cart/index.php
/cart/stylesheet.css
/catalog/
/catalog/install/templates/main_page/stylesheet.css
/cms/_includes/fckeditor/editor/fckeditor.html
/cms/app/webroot/js/fckeditor/editor/fckeditor.html
/cms/assetmanager/assetmanager.php
/cms/fckeditor/editor/fckeditor.html
/cms/HTMLEditor/editor/fckeditor.html
/cms/install/
/cms/modules/articles/assetmanager/assetmanager.php
/cms/wp-login.php
/common/editor/fckeditor/editor/
/common/fckeditor/editor/
/common/fckeditor/editor/fckeditor.html
/common/htmlarea/editor/fckeditor.html
/common/third_party/FCKeditor/editor/fckeditor.html
/components/com_creativecontactform/fileupload/files/phptest.php
/components/com_creativecontactform/fileupload/index.php
/db/include/class/fckeditor/editor/fckeditor.html
/db/uploadTester.asp
/demo/uploadTester.asp
/dump/bigdump.php
/dump/bigdump/bigdump.php
/editor/
/editor/assetmanager/asset.asp
/editor/assetmanager/assetmanager.asp
/editor/assetmanager/assetmanager.aspx
/editor/assetmanager/assetmanager.php
/editor/dialogs/dialog.php
/editor/editor
/editor/editor/
/editor/editor/fckeditor.html
/editor/editor/filemanager/browser/default/connectors/asp/connector.asp
/editor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
/editor/editor/filemanager/browser/default/connectors/php/connector.php
/editor/editor/filemanager/connectors/asp/connector.asp
/editor/editor/filemanager/connectors/aspx/connector.aspx
/editor/editor/filemanager/connectors/php/connector.php
/editor/fckeditor.html
/editor/fckeditor/editor/
/editor/filemanager/browser/default/connectors/asp/connector.asp
/editor/library/editor4_2_1/assetmanager/assetmanager.php
/fck/editor/
/fck/editor/fckeditor.html
/fckeditor/editor
/fckeditor/editor/
/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/fckeditor/editor/filemanager/connectors/uploadtest.html
/fckeditor/fckeditor/editor/fckeditor.html
/fckeditor/jscripts/editor/fckeditor.html
/feng/readme.txt
/fengoffice/readme.txt
/files/fckeditor/editor/filemanager/connectors/uploadtest.html
/files/filebox/File/fileUpload.Html
/files/static/fckeditor/editor/fckeditor.html
/forum/backup.sql
/forum/bigdump.php
/forum/clientscript/vbulletin_global.js
/forum/dump.sql
/forums/backup.sql
/forums/bigdump.php
/forums/clientscript/vbulletin_global.js
/forums/dump.sql
/html/editor/wp-content/plugins/fckeditor_for_wordpress/fckeditor/editor/fckeditor.html
/html/js/editor/fckeditor/editor/fckeditor.html
/html/proudphufah/admin/fckeditor/editor/fckeditor.html
/inc/editor/fckeditor/editor/
/inc/fck/editor/
/inc/fckeditor/editor/
/inc/fckeditor/editor/fckeditor.html
/inc/fckeditor/editor/filemanager/connectors/uploadtest.html
/inc/uploadTester.asp
/include/ckeditor/plugins/pagebreak/images/inCahe.php
/include/editor/fckeditor.html
/include/fckeditor/editor/
/include/fckeditor/editor/fckeditor.html
/include/js/fckeditor/editor/fckeditor.html
/include/spaw2/dialogs/dialog.php
/includes/editors/fckeditor/editor/fckeditor.html
/includes/fckeditor/editor/
/includes/fckeditor/editor/fckeditor.html
/includes/fckeditor/editor/filemanager/connectors/uploadtest.html
/includes/phpEasyAdmin/form/textarea/editor/fckeditor.html
/includes/RTE/RTE_popup_file_atch.asp
/includes/spaw2/dialogs/dialog.php
/intranet/fckeditor/editor/fckeditor.html
/joomla/Medkorp/mambots/editors/fckeditor/editor/fckeditor.html
/js/3rdparty/fckeditor/editor/fckeditor.html
/js/assetmanager/assetmanager.php
/js/editor/
/js/fckeditor/editor/
/js/fckeditor/editor/fckeditor.html
/js/fckeditor/editor/filemanager/connectors/uploadtest.html
/js/krte/editor/fckeditor.html
/js/lib/ccard.js
/js/lib/fckeditor/editor/fckeditor.html
/js/mage/cookies.js
/js/prototype/prototype.js
/lib/editor/dialogs/dialog.php
/lib/editor3/assetmanager/assetmanager.asp
/lib/FCKeditor/editor
/lib/fckeditor/editor/filemanager/connectors/uploadtest.html
/lib/spaw2/dialogs/dialog.php
/libs/fckeditor/editor/fckeditor.html
/lists/admin/FCKeditor/editor/fckeditor.html
/manage/editor/fckeditor.html
/manage/fckeditor/editor/
/manage/fckeditor/editor/fckeditor.html
/manage/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/manager/fckeditor/editor/
/manager/scripts/assetmanager/assetmanager.asp
/media/dhl/info.php
/media/jui/js/cms.js
/media/system/js/caption.js
/misc/batch.js
/misc/druplicon.png
/modules/editor/fckeditor/editor/fckeditor.html
/modules/fckeditor/editor/fckeditor.html
/modules/fckeditor/fckeditor/editor/fckeditor.html
/modules/mod_fxprev/libraries/tmpl.php
/osc/stylesheet.css
/plugins/editor.zoho/agent/save_zoho.php
/plugins/editors/innova/assetmanager/assetmanager.php
/plugins/fckeditor-spip-2/fckeditor/editor/fckeditor.html
/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html
/plugins/HTMLeditor/FCKeditor/editor/fckeditor.html
/plugins/htmleditor2/assetmanager/assetmanager.php
/plugins/innova/assetmanager/assetmanager.php
/pub/mambots/editors/fckeditor/editor/fckeditor.html
/public/fckeditor/editor/fckeditor.html
/public/js/fckeditor/editor/fckeditor.html
/public/js/fckeditor/fckeditor.html
/register/fckeditor/editor/fckeditor.html
/scripts/assetmanager/assetmanager.asp
/scripts/fckeditor/editor/
/scripts/fckeditor/editor/fckeditor.html
/scripts/iseditor/assetmanager/assetmanager.php
/section/wp-login.php
/service/wp-login.php
/shop/
/shop/admin
/shop/administrator
/shop/assets/js/fckeditor/editor/fckeditor.html
/shop/index.php/admin
/shop/index.php/administrator
/siteadmin/FCKeditor/editor/
/sites/all/libraries/elfinder/elfinder.html
/sites/all/libraries/fckeditor/editor/fckeditor.html
/sites/all/libraries/fckeditor/fckeditor.html
/sites/all/modules/fckeditor/fckeditor/editor/fckeditor.html
/sites/efeefe.no-ip.org/modules_bak/fckeditor/fckeditor/editor/fckeditor.html
/src/azelastin/assetmanager/assetmanager.php
/static/scripts/ajax/FCKeditor/editor/fckeditor.html
/store/
/store/admin
/store/administrator
/store/index.php
/store/index.php/admin
/store/index.php/administrator
/store/stylesheet.css
/system/ext/FCKeditor/
/system/ext/fckeditor/editor/fckeditor.html
/system/fckeditor/editor/
/system/fckeditor/editor/fckeditor.html
/system/lib/ext/fckeditor/editor/fckeditor.html
/system/templates/modules/admin/editor/assetmanager/assetmanager.php
/templates/us/admin-panel/HTML_Editor/assetmanager/assetmanager.php
/upload/uploadTester.asp
/webmanage/fckeditor/editor/fckeditor.html
/webmanage/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
/wordpress/
/wordpress/wp-admin/setup-config.php
/wordpress/wp-login.php
/wp-admin/
/wp-admin/admin-ajax.php
/wp-admin/includes/image-import.php
/wp-admin/setup-config.php
/wp-admin/wp-login.php
/wp-content/
/wp-content/backup-db/
/wp-content/plugins/chenpress/FCKeditor/editor/fckeditor.html
/wp-content/plugins/dzs-videogallery/admin/upload.php
/wp-content/plugins/dzs-zoomsounds/
/wp-content/plugins/dzs-zoomsounds/admin/upload.php
/wp-content/plugins/fckeditor-for-wordpress-plugin/fckeditor/editor/fckeditor.html
/wp-content/plugins/fckeditor_for_wordpress/fckeditor/editor/fckeditor.html
/wp-content/plugins/formcraft/file-upload/server/content/upload.php
/wp-content/plugins/gravityforms/js/gravityforms.js
/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php
/wp-content/plugins/Login-wall-etgFB/login_wall.php
/wp-content/plugins/Login-wall-YsqOw/login_wall.php
/wp-content/plugins/mainwp-child/readme.txt
/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
/wp-content/plugins/reflex-gallery/readme.txt
/wp-content/plugins/resd.php
/wp-content/plugins/revslider/js/rev_admin.js
/wp-content/plugins/revslider/revslider_admin.php
/wp-content/plugins/revslider/temp/update_extract/phptest.php
/wp-content/plugins/revslider/temp/update_extract/resd.php
/wp-content/plugins/sexy-contact-form/includes/js/sexycontactform.js
/wp-content/plugins/showbiz/js/showbiz_admin.js
/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php
/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-setup.php
/wp-content/plugins/wp-db-backup/readme.txt
/wp-content/plugins/wp-insert/fckeditor/editor/fckeditor.html
/wp-content/plugins/wp-symposium/server/php/index.php
/wp-content/plugins/wpallimport/phptest.php
/wp-content/plugins/wpshop/includes/ajax.php
/wp-content/plugins/xcloner-backup-and-restore/readme.txt
/wp-content/sedlex/backup-scheduler/
/wp-content/themes/ProjectTheme/lib/upload_main/upload.php
/wp-content/uploads/2015/08/info.php
/wp-content/uploads/gravity_forms/_input_1_.php5
/wp-content/uploads/phptest.php
/wp-content/uploads/wpfoot.php
/wp-includes/js/colorpicker.js
/wp-login.php
/wp-login/
/wp/
/wp/wp-admin/setup-config.php
/wp/wp-login.php
/zencart/index.php