Joss Posted December 4, 2015 On one site I added a little bit of code to just keep a track of page visits. For fun, I also added it to the 404 page. Over the last month I have had over 1000 hits to the 404, which made me wonder who was getting my site addresses so wrong. Obviously, this is a terribly coarse tool and does not tell me anything other than it is being hit. So, being curious, I chucked an email at the hosting provider, asking them if they had a clue from their logs (I am terrible at reading logs). Yes, they said. The vast majority of 404s are being caused by people trying to hit the following page: mydomain.com/wp-admin Now, what a surprise!
Joss Posted December 4, 2015 Author Looks like a great place to place ads. For Processwire, of course....
Joss Posted December 4, 2015 Author Actually, perhaps Processwire should come with optional pages for wp-admin and a couple of other WordPress standards that are nicely written and polite. "Should have chosen Processwire."
tpr Posted December 4, 2015 There was a similar discussion here in the forums which I can't find now, someone even suggested a module for this purpose.
Joss Posted December 4, 2015 Author Good idea - though to be in keeping with the joke the module would have to demand weekly updates to avoid catastrophic bugs.
Mike Rockett Posted December 5, 2015 There was a similar discussion here in the forums which I can't find now, someone even suggested a module for this purpose Actually, perhaps Processwire should come with optional pages for wp-admin and a couple of other WordPress standards that are nicely written and polite. "Should have chosen Processwire." Granted, my solution here is not very polite, but the methodology is there. ;-)
MuchDev Posted December 5, 2015 I'm a fan of a good sarcastic gif or better yet
kixe Posted December 6, 2015 Handy tools: log your 404s with http://modules.processwire.com/modules/process404-logger/ edit redirects (includes a hitcounter) with http://modules.processwire.com/modules/process-redirects/ or (wildcard redirects possible like wp-*) http://modules.processwire.com/modules/process-jumplinks/
Mike Rockett Posted December 6, 2015 or (wildcard redirects possible like wp-*) http://modules.processwire.com/modules/process-jumplinks/ It's actually wp-{all} or, to be more specific, wp-<admin|content|login|includes>{all}. The point of my previous post was to make a special wildcard, perhaps called {wordpress} for easy redirection to something funny.
Joss Posted December 6, 2015 Author Kixe, I have installed your logger, so it will be interesting to see what it kicks out. I know wp-admin is the most common one, but I don't think it is all of them. Nice tool.
OrganizedFellow Posted December 10, 2015 You should create a 'wp-login' page and log all the attempted usernames and passwords. This guy has a great idea!! http://www.korn19.ch/coding/wordpress_logins.php
MatthewSchenker Posted December 10, 2015 Greetings, Hmm... Everyone run a check. After reading this, I took a look at some logs on a few of my own projects, and what do you know -- several hits on /[domain]/wp-admin. Joss may have stumbled onto a poke-wp opportunity. Maybe we could start a movement among all non-wp CMSs to redirect such requests to a particular WordPress page. That would be mean, of course -- potentially increasing their site visits overnight by millions of hits. Thanks, Matthew
Joss Posted December 10, 2015 Author Just a cursory glance at the logs shows mostly wp-login, attempting to find it in various places: /wp/ or /wordpress/ or /news/blog/ and so on. Actually, it is probably a pretty authoritative list of the most common places people install WordPress. I get the odd other wp- files and then also quite a few attempted hits on jquery.js (in places where I don't have it, of course). The IP addresses tend to be mostly Delhi with some Ukraine and one repetitive address in Tulsa. IP address 67.20.55.130 was having a good hunt around for vBulletin last night and also looking for bigdump.php and a couple of backup.sql scripts. So, this is also proving to be a list of file names you should not have in your web accessible hierarchy because they are searched out by intruders. I have blocked a couple of the IP addresses on cPanel for interest and there was less activity in the last 24 hours, though I suspect that could prove a full time occupation if one were not careful. It almost needs an automated script that says: "If an IP address attempts to find a file name from a blacklist more than N number of times, then block IP." So, in our cases, we would put on the blacklist common files from Drumalpress and a couple of forums, plus some things like backup.php which we do not have. It would need to be domain name specific, of course, or you could end up blocking yourself!
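Joss's rule above ("if an IP asks for a file name from a blacklist more than N times, block it") as a runnable sketch. This is an added example, not code from the thread or from ProcessWire; it assumes Apache/nginx combined-format access logs, uses a constructed sample log, and counts only 404 responses so that files the site really serves can never get a visitor blocked.

```python
import re
from collections import Counter

# Combined-format access-log line (assumption about the host's log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Blacklist built from the file names this thread reports being probed:
# WordPress, vBulletin, FCKeditor and SQL-dump names a ProcessWire site never serves.
PROBE_RES = [re.compile(p, re.IGNORECASE) for p in (
    r'/wp-login\.php$', r'/wp-admin(/|$)', r'/wp-content/',
    r'/bigdump\.php$', r'/(backup|dump)\.sql$', r'/config\.inc\.php$',
    r'/vbulletin', r'/fckeditor/',
)]


def parse_line(line):
    """Return (ip, path without query string, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group('ip'), m.group('path').split('?', 1)[0], int(m.group('status'))


def is_probe(path):
    return any(r.search(path) for r in PROBE_RES)


def offenders(lines, threshold, allow_ips=frozenset()):
    """IPs with more than `threshold` 404s on blacklisted file names."""
    # Only 404s count: a file the site really serves (its own jquery.js, say)
    # returns 200 and so never contributes. allow_ips exempts your own
    # addresses, for the day you mistype the admin URL yourself.
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        if status == 404 and ip not in allow_ips and is_probe(path):
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n > threshold}


def htaccess_deny(block):
    """Apache 'Deny from' lines (2.2 syntax; needs mod_access_compat on 2.4)."""
    return ['Deny from %s' % ip for ip in sorted(block)]


# Constructed sample log using RFC 5737 test addresses, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Dec/2015:22:01:05 +0000] "GET /wp-login.php HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Dec/2015:22:01:06 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Dec/2015:22:01:07 +0000] "GET /news/blog/wp-login.php HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Dec/2015:22:01:08 +0000] "GET /bigdump.php HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Dec/2015:22:01:09 +0000] "GET /admin/backup.sql?x=1 HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Dec/2015:22:05:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Dec/2015:22:05:01 +0000] "GET /utility/convert/data/config.inc.php HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
192.0.2.30 - - [10/Dec/2015:22:06:00 +0000] "GET /site/scripts/jquery.js HTTP/1.1" 200 85000 "-" "Mozilla/5.0"
192.0.2.40 - - [10/Dec/2015:22:07:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 1234 "-" "Mozilla/5.0"
"""
```

Run `offenders(SAMPLE_LOG.splitlines(), 3, allow_ips={'192.0.2.40'})` to get the one address that tripped the threshold; feed the result to `htaccess_deny` for lines you can paste into .htaccess.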
LostKobrakai Posted December 10, 2015 Joss may have stumbled onto a poke-wp opportunity. Maybe we could start a movement among all non-wp CMSs to redirect such requests to a particular WordPress page. That would be mean, of course -- potentially increasing their site visits overnight by millions of hits. This would make you no better than any DDoS botnet, but maybe we can create a crazy performant site, which does log all prevented WordPress login/hack attempts (redirect or via some kind of API). Then a few statistics about it and we've got some good marketing material for ProcessWire.
Joss Posted December 10, 2015 Author Just for interest, I wonder how many PW users rename their admin? I always do, normally something relating to the site. So, if I had joss.com (which I don't!) I would create jsadmin or something. I vary the system quite a lot, but useful to keep it vaguely memorable for client sites. The ability to rename admin I think is a particularly neat security feature in PW. It might not be uber-powerful, but is so simple and just creates a nice little hurdle for bots to trip over.
rick Posted December 10, 2015 Since we have a new security forum, why not post a topic containing the IPs and related files there, where we can all benefit from a pseudo-'blacklist'?
Craig Posted December 10, 2015 Just for interest, I wonder how many PW users rename their admin? I do. But I always use the same consistent name - which works well a) for me when I come back to a site I built years ago, and b) for other team members at work so they know where to go.
Joss Posted December 10, 2015 Author Yes, I have always been very good at telling people where to go. Not ever done it via an admin address though....
Mike Rockett Posted December 10, 2015 Just for interest, I wonder how many PW users rename their admin? I always do, normally something relating to the site. So, if I had joss.com (which I don't!) I would create jsadmin or something. I vary the system quite a lot, but useful to keep it vaguely memorable for client sites. The ability to rename admin I think is a particularly neat security feature in PW. It might not be uber-powerful, but is so simple and just creates a nice little hurdle for bots to trip over. Yeah, I always rename the admin area. Lately, I've started making it 'siteadministration-', followed by their randomised five-digit account reference tag. So, for example: abcaccounting.co.za/siteadministration-f851z. For ease of reference, I ask them to bookmark the URL so they need not remember it. Also building a Client Centre for my clients so that they have access to the URL, should they lose the bookmark. (Client Centre also handles their cPanel email management etc.)
Joss Posted January 6, 2016 Author Just been having a peek at my 404 logs. Various WordPress files are featuring very highly, but also many attempts to find my jquery.js file. Another one that comes up a lot is /utility/convert/data/config.inc.php and variations. What is that from? But by far the most popular are wp-XX files. It shows that if you have a WordPress site, you WILL get hundreds of attempts to take it down each day, even on your little-visited blog. How comforting ...
cstevensjr Posted January 6, 2016 Another one that comes up a lot is /utility/convert/data/config.inc.php and variations. What is that from? I believe this is also associated with trying to access WP sites.
horst Posted January 6, 2016 I have some more different in my collection