A few days ago, I installed GoAccess (an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser) to analyze my NGINX access logs.
The main reason for that was to identify which files drain the traffic, and to ask myself whether I need to move the libs to a CDN to improve performance.
But I was surprised by something else: Bots/Crawlers.
I mean, all of us know that the internet is constantly scanned by crawlers like Google or Bing, and by malicious bots.
But I didn't expect that my blog was scanned around 300 times a day by malicious bots.
Here are just a few examples from my access logs:
WordPress
- /wp-json/
- /wp-content/plugins/mailcwp/mailcwp-upload.php
- /wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.css
- /wp-content/plugins/complete-gallery-manager/frames/upload-images.php
- /wp-load.php?up2018info=f
- /wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.css
- /xmlrpc.php
Dot files/configs
- /.env
- /sftp-config.json
- /.ftpconfig
- /.remote-sync.json
- /.vscode/ftp-sync.json
- /.vscode/sftp.json
- /deployment-config.json
- /ftpsync.settings
phpMyAdmin
- /phpmyadmin/
- /MyAdmin/scripts/setup.php
- /mysql/scripts/setup.php
- /phpmyadmin/scripts/_setup.php
- /pma/scripts/setup.php
- /myadmin/scripts/setup.php
Others
- /elrekt.php
- /remote/login
- /editBlackAndWhiteList
- /GponForm/diag_Form?images/
- /admin/config.php
- //admin/config.php?password[0]=bebydviyx&username=admin
- /administrator/index.php
- //a2billing/customer/templates/default/footer.tpl
- /thinkphp/html/public/index.php
- /TP/index.php
- /TP/html/public/index.php
- /api/v1/pods
- /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=;echo -n HellorConfig|md5sum #
- /scripts/setup.php
- /manager/html
- /_cat/indices
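
One way to tally such probes from an NGINX access log in the default combined format, grouped by the categories above, and to list any probe that was answered with a 2xx status instead of a 404. This is an added example, not part of the original post; the function names, the category patterns and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# NGINX "combined" format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" (\d{3}) ')

# Patterns derived from the probe paths listed in the post (case-insensitive).
CATEGORIES = [
    ("wordpress", re.compile(r"^/(wp-|xmlrpc\.php$)", re.I)),
    ("dotfile/config", re.compile(  # /.well-known/ is legitimate (e.g. ACME), so it is excluded
        r"^/\.(?!well-known/)|/(sftp-config|deployment-config)\.json$|/ftpsync\.settings$", re.I)),
    ("phpmyadmin", re.compile(r"^/(phpmyadmin|pma|myadmin|mysql)/", re.I)),
    ("other", re.compile(
        r"^/(manager/html|_cat/indices|api/v1/pods|admin/config\.php|scripts/setup\.php)$", re.I)),
]

def classify(target):
    """Return the probe category for a request target (query dropped, // collapsed), or None."""
    path = re.sub(r"/{2,}", "/", target.split("?", 1)[0])
    for name, pattern in CATEGORIES:
        if pattern.search(path):
            return name
    return None

def summarize(lines):
    """Count probes per category and per client IP; collect probes answered with 2xx."""
    by_category, by_ip, served = Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)  # lines not in combined format are skipped
        category = classify(m.group(2)) if m else None
        if category:
            by_category[category] += 1
            by_ip[m.group(1)] += 1
            if m.group(3).startswith("2"):
                served.append((m.group(1), m.group(2)))
    return by_category, by_ip, served

# Constructed sample lines (documentation IP ranges), not from a real log.
LOG = '{} - - [01/Jan/2020:06:25:24 +0000] "GET {} HTTP/1.1" {} 169 "-" "-"'
SAMPLE = [
    LOG.format("192.0.2.10", "/xmlrpc.php", 404),
    LOG.format("192.0.2.10", "/.env", 200),  # a probe that was actually served
    LOG.format("198.51.100.7", "//admin/config.php?password[0]=x&username=admin", 404),
    LOG.format("198.51.100.7", "/MyAdmin/scripts/setup.php", 404),
    LOG.format("203.0.113.5", "/.well-known/acme-challenge/token", 200),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Entries in the third return value deserve attention first: a 2xx response to a request such as `/.env` means the file exists and was delivered.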