Quickies » music

Spam requests to xmlrpc.php and more

I realized a few days ago that making a mostly static website, I can also make a script that parses the logs for hits on places that don’e exist and that bots usually hit, like POST requests on /xmlrpc.php. And I wasn’t surprised to notice that over nine days, I’ve discovered 196 requests coming from about 90 IPs (for privacy, my server doesn’t log the last block of the IP address). I could publish the list of those classes, but picking randomly from it, this looks like simple malware-infected home hosts, so it’s pretty useless. But it’s a nice to see the URLs the bots and spammers try to access. Here’s a list:

Hits Method URL
1 196 (15.51%) POST /xmlrpc.php
2 74 (5.85%) POST /wp-login.php
3 43 (3.40%) GET /robots.txt
4 36 (2.85%) GET /stats
5 30 (2.37%) GET /.env
6 27 (2.14%) GET /.git/config
7 23 (1.82%) GET /wp-login.php
8 14 (1.11%) GET /xmlrpc.php
9 14 (1.11%) GET /config.json
10 10 (0.79%) GET /api/.env
11 10 (0.79%) GET /_profiler/phpinfo
12 8 (0.63%) GET /cmd_sco
13 8 (0.63%) GET /.env.production
14 8 (0.63%) GET /application/.env
15 8 (0.63%) GET /wp/wp-includes/wlwmanifest.xml
16 8 (0.63%) GET /2019/wp-includes/wlwmanifest.xml
17 8 (0.63%) GET /shop/wp-includes/wlwmanifest.xml
18 8 (0.63%) GET /wp1/wp-includes/wlwmanifest.xml
19 8 (0.63%) GET /test/wp-includes/wlwmanifest.xml
20 8 (0.63%) GET /site/wp-includes/wlwmanifest.xml
21 8 (0.63%) GET /cms/wp-includes/wlwmanifest.xml
22 8 (0.63%) GET /stats/
23 8 (0.63%) GET /.aws/credentials
24 7 (0.55%) GET /web/wp-includes/wlwmanifest.xml
25 7 (0.55%) GET /wordpress/wp-includes/wlwmanifest.xml
26 6 (0.47%) GET /.env.local
27 6 (0.47%) GET /blog.env
28 6 (0.47%) GET /wp-content/.env
29 6 (0.47%) GET /app/.env
30 6 (0.47%) GET /config/.env
31 6 (0.47%) GET /laravel/.env
32 6 (0.47%) GET /library/.env
33 6 (0.47%) GET /nextjs-app/.env
34 6 (0.47%) GET /node-api/.env
35 6 (0.47%) GET /vendor/.env
36 6 (0.47%) GET /myproject/.env
37 6 (0.47%) GET /.envs/.production/.django
38 6 (0.47%) GET /react-app/.env
39 6 (0.47%) GET /react-app/.env.production
40 6 (0.47%) GET /wp-includes/wlwmanifest.xml
41 6 (0.47%) GET /wp2/wp-includes/wlwmanifest.xml
42 6 (0.47%) GET /sito/wp-includes/wlwmanifest.xml
43 6 (0.47%) GET /blog/wp-includes/wlwmanifest.xml
44 6 (0.47%) GET /.vscode/sftp.json
45 6 (0.47%) GET /info.php
46 5 (0.40%) GET /website/wp-includes/wlwmanifest.xml
47 5 (0.40%) GET /news/wp-includes/wlwmanifest.xml
48 5 (0.40%) GET /2020/wp-includes/wlwmanifest.xml
49 4 (0.32%) GET /login
50 4 (0.32%) GET /wp-json/custom/v1/
51 4 (0.32%) GET /blog-verify
52 4 (0.32%) GET /admin/.env
53 4 (0.32%) GET /@vite/env
54 4 (0.32%) GET /actuator/env
55 4 (0.32%) GET /server
56 4 (0.32%) GET /about
57 4 (0.32%) GET /debug/default/view
58 4 (0.32%) GET /v2/_catalog
59 4 (0.32%) GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
60 4 (0.32%) GET /server-status
61 4 (0.32%) GET /login.action
62 4 (0.32%) GET /_all_dbs
63 4 (0.32%) GET /.DS_Store
64 4 (0.32%) GET /s/130313e2934323e2336313e29363/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
65 4 (0.32%) GET /telescope/requests
66 4 (0.32%) GET /aaa.php
67 4 (0.32%) GET /admin.php
68 4 (0.32%) GET /defaults.php
69 4 (0.32%) GET /about.php
70 4 (0.32%) GET /php_info.php
71 4 (0.32%) GET /phpinfo.php
72 4 (0.32%) GET /phpinfo
73 3 (0.24%) GET /.remote
74 3 (0.24%) GET /.local
75 3 (0.24%) GET /.production
76 3 (0.24%) GET /wp-content/
77 3 (0.24%) GET /2018/wp-includes/wlwmanifest.xml
78 3 (0.24%) GET /media/wp-includes/wlwmanifest.xml
79 2 (0.16%) GET /application/config/constants.php
80 2 (0.16%) GET /appsettings.json

Twenty One Pilots - City Walls

youtube • video ID: 5Ozjel72yjQ

click image to load player

The story of Clancy is coming to its conclusion. Watch the entire story in a playlist.

New Old Chinese Walkman

Remember the old Chinese Walkman I wrote a while ago? I got its blue sibling and it’s up for a photoshoot! Of course, it sounds like shit, but nostalgia is about remembering cool gadgets, not how good they were(n’t).

Odesza - A Moment Apart

youtube • video ID: BwmzXTjDt7A

click image to load player

Awesome music, the title song of Forza Horizon 4.

Windows 95 turns 30!

Windows 95 turns 30!

On August 24, 1995, Microsoft released Windows 95, their operating system which introduced numerous functions and features that were featured in later Windows versions, and continue in modern variations to this day, such as the taskbar, the notification area, file shortcuts on the desktop, plug and play driver integration, removal of the requirement to have a separate copy of MS-DOS, the ability to full screen application windows, native internet integration, raising the maximum letters a filename can have from eight to 255, the Windows Explorer, and the “Start” button which summons the Start menu.

That was 30 years ago.

Pendulum - Inertia (2025) - New Album

youtube • video ID: qaQprI2PdMU

click image to load player

Fourth album by Pendulum is out and is a banger. Aside of the older singles that appeared on the Elemental EP and the digital-only Anima EP, the album brings some new tracks as well

Valentino Rossi testing a Formula 1 Ferrari

Valentino Rossi testing a Formula 1 Ferrari

Throwback to when Valentino Rossi tested a Ferrari F1 car and ended up just 0.7’s off Michael Schumacher’s pace…

Michael had set a time of 1m 11.640s with Rossi, driving an older spec of car and engine, lapping in 1m12.362s.

Former Ferrari chairman Luca di Montezemelo was so impressed he suggested that the team would field Rossi in a third car if the rules allowed it.

In The Bin - Poorly Drawn Lines Comic

In The Bin - Poorly Drawn Lines Comic

Sometimes you’re the raccoon outside, sometimes you’re the racoon inside. Source

Battlestar Galactica Blood And Chrome: Apocalypse

youtube • video ID: 2Lu54TlnPRg

click image to load player

P.O.D. - Alive

youtube • video ID: ce2KN06dS7c

click image to load player

This song was released 24 years ago, on this very day. Man, we’re old.

Age Verification coming to the EU?

Age Verification coming to the EU?

The retards that seem to run not only the governments, but also parts of the internet are now trying to push age verification in the EU, after some US states took the bait and also the UK did. Few things to mention:

  • Databases can and will be leaked. Proof
  • The governments will definitely use these databases for nefarious purposes.
  • VPNs exists. NordVPN, Surfshark, Private Internet Access, Njal.la, Proton VPN. Why let your government steal your personal data when a company can do this for you?
  • People nowadays will use any excuse to blame everyone else but themselves for their shitty parenting. You know, instead of having hundreds of millions people expose their data, maybe some idiots shouldn’t give fucking phones with no parental controls to fucking 8 year olds.

RIP Ozzy

RIP Ozzy

youtube • video ID: LCCiwPEdEpg

click image to load player

close tools panel
toggle tools panel