Your Website is Under Constant Attack

For those with a website, it can be an interesting and sometimes amusing experience to see what people have typed into search engines to get to your site.

Some of the things are so wide of the mark you wonder how you have appeared in a search for that term

Of my current search terms the most offbeat are:

“web designers for trade me” – would be nice, but it’s not me 🙁
“is it illegal to stream tv shows online” – sure is, thanks for asking
“the sharp edge of the wedge” – ummm

Even so, I can guess at what content I have written that may tie in with these

This one I’m not so sure

“nude girls database”

One other area that is interesting is the 404 Errors. These are when someone has tried to access some page or file on your website, but it was not available. (This is a good thing to check over time as it can identify issues on your site)

Apart from old links that have not been redirected, you can find evidence of probes into your website, looking for vulnerabilities, here is a selection of what has appeared on mine:

/phpMyAdmin/scripts/setup.php
/serv/whmcs.sql
/scripts/+1l.3r(
//phpMyAdmin-2.6.2-rc1/scripts/setup.php
//PMA2005/scripts/setup.php

Someone obviously thinks they can get into PHPmyadmin via a vulnerability with an undeleted setup script.

Curiously, they have tried every possible variation of naming convention to brute force their way in.

The same goes with other know scripts like OSCommerce, Joomla etc where known vulnerabilities are tried.

The moral of the story, keep your web based scripts up to date with the latest security releases.

Tagged with:

Leave a Reply

Your email address will not be published. Required fields are marked *