scanning for Wordpress?

Jan. 5th, 2022 11:30 pm
cellio: (Default)
[personal profile] cellio

Every now and then I remember to look at my web site's traffic. Every month my site produces a few hundred "URL not found" errors, and almost all of them are related to Wordpress -- wp-login.php, xmlrpc.php, and wlwmanifest.xml (tried at a bunch of entry points, each exactly 30 times in the last 30 days, presumably a daily probe).

I don't run Wordpress -- never have. But I guess it's popular enough, and has bugs or security holes, that people find it worthwhile to send their bots to look for it on every web site they can find?

Tags:
Flat | Top-Level Comments Only

(no subject)

Date: 2022-01-06 09:29 am (UTC)
madfilkentist: (Default)
From: [personal profile] madfilkentist
WordPress is by far the most popular platform for websites, and especially for self-hosted sites, which often have miserable security. It's even used for sites that could be served as plain HTML, which is vastly more secure.

WordPress, like any software, has bugs, though the developers are good at finding and fixing them. The attackers are going after a few different things, including:

  • Sites running outdated versions with known bugs.
  • Plugins with security holes of their own (and outdated versions of them).
  • Admin accounts with weak passwords.
  • Sites with publicly readable configuration files (the equivalent of leaving the key under the doormat).


Most of these sites have little valuable content, but they can be hacked into for botnets, cryptomining, etc.

(no subject)

Date: 2022-01-07 04:34 am (UTC)
cellio: (Default)
From: [personal profile] cellio

Good points, thanks. And I hadn't thought about the "hack it for botnets/mining, not anything about the site itself" angle.

Flat | Top-Level Comments Only

Expand Cut Tags

No cut tags
Top of page