Quickies » music
Spam requests to xmlrpc.php and more
I realized a few days ago that making a mostly static website, I can also make a script that parses the logs for hits on places that don’e exist and that bots usually hit, like POST requests on /xmlrpc.php. And I wasn’t surprised to notice that over nine days, I’ve discovered 196 requests coming from about 90 IPs (for privacy, my server doesn’t log the last block of the IP address). I could publish the list of those classes, but picking randomly from it, this looks like simple malware-infected home hosts, so it’s pretty useless. But it’s a nice to see the URLs the bots and spammers try to access. Here’s a list:
| Hits | Method | URL | |
|---|---|---|---|
| 1 | 196 (15.51%) | POST | /xmlrpc.php |
| 2 | 74 (5.85%) | POST | /wp-login.php |
| 3 | 43 (3.40%) | GET | /robots.txt |
| 4 | 36 (2.85%) | GET | /stats |
| 5 | 30 (2.37%) | GET | /.env |
| 6 | 27 (2.14%) | GET | /.git/config |
| 7 | 23 (1.82%) | GET | /wp-login.php |
| 8 | 14 (1.11%) | GET | /xmlrpc.php |
| 9 | 14 (1.11%) | GET | /config.json |
| 10 | 10 (0.79%) | GET | /api/.env |
| 11 | 10 (0.79%) | GET | /_profiler/phpinfo |
| 12 | 8 (0.63%) | GET | /cmd_sco |
| 13 | 8 (0.63%) | GET | /.env.production |
| 14 | 8 (0.63%) | GET | /application/.env |
| 15 | 8 (0.63%) | GET | /wp/wp-includes/wlwmanifest.xml |
| 16 | 8 (0.63%) | GET | /2019/wp-includes/wlwmanifest.xml |
| 17 | 8 (0.63%) | GET | /shop/wp-includes/wlwmanifest.xml |
| 18 | 8 (0.63%) | GET | /wp1/wp-includes/wlwmanifest.xml |
| 19 | 8 (0.63%) | GET | /test/wp-includes/wlwmanifest.xml |
| 20 | 8 (0.63%) | GET | /site/wp-includes/wlwmanifest.xml |
| 21 | 8 (0.63%) | GET | /cms/wp-includes/wlwmanifest.xml |
| 22 | 8 (0.63%) | GET | /stats/ |
| 23 | 8 (0.63%) | GET | /.aws/credentials |
| 24 | 7 (0.55%) | GET | /web/wp-includes/wlwmanifest.xml |
| 25 | 7 (0.55%) | GET | /wordpress/wp-includes/wlwmanifest.xml |
| 26 | 6 (0.47%) | GET | /.env.local |
| 27 | 6 (0.47%) | GET | /blog.env |
| 28 | 6 (0.47%) | GET | /wp-content/.env |
| 29 | 6 (0.47%) | GET | /app/.env |
| 30 | 6 (0.47%) | GET | /config/.env |
| 31 | 6 (0.47%) | GET | /laravel/.env |
| 32 | 6 (0.47%) | GET | /library/.env |
| 33 | 6 (0.47%) | GET | /nextjs-app/.env |
| 34 | 6 (0.47%) | GET | /node-api/.env |
| 35 | 6 (0.47%) | GET | /vendor/.env |
| 36 | 6 (0.47%) | GET | /myproject/.env |
| 37 | 6 (0.47%) | GET | /.envs/.production/.django |
| 38 | 6 (0.47%) | GET | /react-app/.env |
| 39 | 6 (0.47%) | GET | /react-app/.env.production |
| 40 | 6 (0.47%) | GET | /wp-includes/wlwmanifest.xml |
| 41 | 6 (0.47%) | GET | /wp2/wp-includes/wlwmanifest.xml |
| 42 | 6 (0.47%) | GET | /sito/wp-includes/wlwmanifest.xml |
| 43 | 6 (0.47%) | GET | /blog/wp-includes/wlwmanifest.xml |
| 44 | 6 (0.47%) | GET | /.vscode/sftp.json |
| 45 | 6 (0.47%) | GET | /info.php |
| 46 | 5 (0.40%) | GET | /website/wp-includes/wlwmanifest.xml |
| 47 | 5 (0.40%) | GET | /news/wp-includes/wlwmanifest.xml |
| 48 | 5 (0.40%) | GET | /2020/wp-includes/wlwmanifest.xml |
| 49 | 4 (0.32%) | GET | /login |
| 50 | 4 (0.32%) | GET | /wp-json/custom/v1/ |
| 51 | 4 (0.32%) | GET | /blog-verify |
| 52 | 4 (0.32%) | GET | /admin/.env |
| 53 | 4 (0.32%) | GET | /@vite/env |
| 54 | 4 (0.32%) | GET | /actuator/env |
| 55 | 4 (0.32%) | GET | /server |
| 56 | 4 (0.32%) | GET | /about |
| 57 | 4 (0.32%) | GET | /debug/default/view |
| 58 | 4 (0.32%) | GET | /v2/_catalog |
| 59 | 4 (0.32%) | GET | /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application |
| 60 | 4 (0.32%) | GET | /server-status |
| 61 | 4 (0.32%) | GET | /login.action |
| 62 | 4 (0.32%) | GET | /_all_dbs |
| 63 | 4 (0.32%) | GET | /.DS_Store |
| 64 | 4 (0.32%) | GET | /s/130313e2934323e2336313e29363/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties |
| 65 | 4 (0.32%) | GET | /telescope/requests |
| 66 | 4 (0.32%) | GET | /aaa.php |
| 67 | 4 (0.32%) | GET | /admin.php |
| 68 | 4 (0.32%) | GET | /defaults.php |
| 69 | 4 (0.32%) | GET | /about.php |
| 70 | 4 (0.32%) | GET | /php_info.php |
| 71 | 4 (0.32%) | GET | /phpinfo.php |
| 72 | 4 (0.32%) | GET | /phpinfo |
| 73 | 3 (0.24%) | GET | /.remote |
| 74 | 3 (0.24%) | GET | /.local |
| 75 | 3 (0.24%) | GET | /.production |
| 76 | 3 (0.24%) | GET | /wp-content/ |
| 77 | 3 (0.24%) | GET | /2018/wp-includes/wlwmanifest.xml |
| 78 | 3 (0.24%) | GET | /media/wp-includes/wlwmanifest.xml |
| 79 | 2 (0.16%) | GET | /application/config/constants.php |
| 80 | 2 (0.16%) | GET | /appsettings.json |
by Andrei on
Twenty One Pilots - City Walls
The story of Clancy is coming to its conclusion. Watch the entire story in a playlist.
by Andrei on
New Old Chinese Walkman
Remember the old Chinese Walkman I wrote a while ago? I got its blue sibling and it’s up for a photoshoot! Of course, it sounds like shit, but nostalgia is about remembering cool gadgets, not how good they were(n’t).
by Andrei on
Windows 95 turns 30!
On August 24, 1995, Microsoft released Windows 95, their operating system which introduced numerous functions and features that were featured in later Windows versions, and continue in modern variations to this day, such as the taskbar, the notification area, file shortcuts on the desktop, plug and play driver integration, removal of the requirement to have a separate copy of MS-DOS, the ability to full screen application windows, native internet integration, raising the maximum letters a filename can have from eight to 255, the Windows Explorer, and the “Start” button which summons the Start menu.
That was 30 years ago.
by Andrei on
Pendulum - Inertia (2025) - New Album
Fourth album by Pendulum is out and is a banger. Aside of the older singles that appeared on the Elemental EP and the digital-only Anima EP, the album brings some new tracks as well
by Andrei on
Valentino Rossi testing a Formula 1 Ferrari
Throwback to when Valentino Rossi tested a Ferrari F1 car and ended up just 0.7’s off Michael Schumacher’s pace…
Michael had set a time of 1m 11.640s with Rossi, driving an older spec of car and engine, lapping in 1m12.362s.
Former Ferrari chairman Luca di Montezemelo was so impressed he suggested that the team would field Rossi in a third car if the rules allowed it.
by Andrei on
In The Bin - Poorly Drawn Lines Comic
Sometimes you’re the raccoon outside, sometimes you’re the racoon inside. Source
by Andrei on
Age Verification coming to the EU?
The retards that seem to run not only the governments, but also parts of the internet are now trying to push age verification in the EU, after some US states took the bait and also the UK did. Few things to mention:
- Databases can and will be leaked. Proof
- The governments will definitely use these databases for nefarious purposes.
- VPNs exists. NordVPN, Surfshark, Private Internet Access, Njal.la, Proton VPN. Why let your government steal your personal data when a company can do this for you?
- People nowadays will use any excuse to blame everyone else but themselves for their shitty parenting. You know, instead of having hundreds of millions people expose their data, maybe some idiots shouldn’t give fucking phones with no parental controls to fucking 8 year olds.
