I realized a few days ago that, making a mostly static website, I can also make a script that parses the logs for hits on places that don’t exist and that bots usually hit, like POST requests on /xmlrpc.php. And I wasn’t surprised to notice that over nine days, I’ve discovered 196 requests coming from about 90 IPs (for privacy, my server doesn’t log the last block of the IP address). I could publish the list of those classes, but picking randomly from it, this looks like simple malware-infected home hosts, so it’s pretty useless. But it’s nice to see the URLs the bots and spammers try to access. Here’s a list:

| # | Hits | Method | URL |
|---|---|---|---|
| 1 | 196 (15.51%) | POST | /xmlrpc.php |
| 2 | 74 (5.85%) | POST | /wp-login.php |
| 3 | 43 (3.40%) | GET | /robots.txt |
| 4 | 36 (2.85%) | GET | /stats |
| 5 | 30 (2.37%) | GET | /.env |
| 6 | 27 (2.14%) | GET | /.git/config |
| 7 | 23 (1.82%) | GET | /wp-login.php |
| 8 | 14 (1.11%) | GET | /xmlrpc.php |
| 9 | 14 (1.11%) | GET | /config.json |
| 10 | 10 (0.79%) | GET | /api/.env |
| 11 | 10 (0.79%) | GET | /_profiler/phpinfo |
| 12 | 8 (0.63%) | GET | /cmd_sco |
| 13 | 8 (0.63%) | GET | /.env.production |
| 14 | 8 (0.63%) | GET | /application/.env |
| 15 | 8 (0.63%) | GET | /wp/wp-includes/wlwmanifest.xml |
| 16 | 8 (0.63%) | GET | /2019/wp-includes/wlwmanifest.xml |
| 17 | 8 (0.63%) | GET | /shop/wp-includes/wlwmanifest.xml |
| 18 | 8 (0.63%) | GET | /wp1/wp-includes/wlwmanifest.xml |
| 19 | 8 (0.63%) | GET | /test/wp-includes/wlwmanifest.xml |
| 20 | 8 (0.63%) | GET | /site/wp-includes/wlwmanifest.xml |
| 21 | 8 (0.63%) | GET | /cms/wp-includes/wlwmanifest.xml |
| 22 | 8 (0.63%) | GET | /stats/ |
| 23 | 8 (0.63%) | GET | /.aws/credentials |
| 24 | 7 (0.55%) | GET | /web/wp-includes/wlwmanifest.xml |
| 25 | 7 (0.55%) | GET | /wordpress/wp-includes/wlwmanifest.xml |
| 26 | 6 (0.47%) | GET | /.env.local |
| 27 | 6 (0.47%) | GET | /blog.env |
| 28 | 6 (0.47%) | GET | /wp-content/.env |
| 29 | 6 (0.47%) | GET | /app/.env |
| 30 | 6 (0.47%) | GET | /config/.env |
| 31 | 6 (0.47%) | GET | /laravel/.env |
| 32 | 6 (0.47%) | GET | /library/.env |
| 33 | 6 (0.47%) | GET | /nextjs-app/.env |
| 34 | 6 (0.47%) | GET | /node-api/.env |
| 35 | 6 (0.47%) | GET | /vendor/.env |
| 36 | 6 (0.47%) | GET | /myproject/.env |
| 37 | 6 (0.47%) | GET | /.envs/.production/.django |
| 38 | 6 (0.47%) | GET | /react-app/.env |
| 39 | 6 (0.47%) | GET | /react-app/.env.production |
| 40 | 6 (0.47%) | GET | /wp-includes/wlwmanifest.xml |
| 41 | 6 (0.47%) | GET | /wp2/wp-includes/wlwmanifest.xml |
| 42 | 6 (0.47%) | GET | /sito/wp-includes/wlwmanifest.xml |
| 43 | 6 (0.47%) | GET | /blog/wp-includes/wlwmanifest.xml |
| 44 | 6 (0.47%) | GET | /.vscode/sftp.json |
| 45 | 6 (0.47%) | GET | /info.php |
| 46 | 5 (0.40%) | GET | /website/wp-includes/wlwmanifest.xml |
| 47 | 5 (0.40%) | GET | /news/wp-includes/wlwmanifest.xml |
| 48 | 5 (0.40%) | GET | /2020/wp-includes/wlwmanifest.xml |
| 49 | 4 (0.32%) | GET | /login |
| 50 | 4 (0.32%) | GET | /wp-json/custom/v1/ |
| 51 | 4 (0.32%) | GET | /blog-verify |
| 52 | 4 (0.32%) | GET | /admin/.env |
| 53 | 4 (0.32%) | GET | /@vite/env |
| 54 | 4 (0.32%) | GET | /actuator/env |
| 55 | 4 (0.32%) | GET | /server |
| 56 | 4 (0.32%) | GET | /about |
| 57 | 4 (0.32%) | GET | /debug/default/view |
| 58 | 4 (0.32%) | GET | /v2/_catalog |
| 59 | 4 (0.32%) | GET | /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application |
| 60 | 4 (0.32%) | GET | /server-status |
| 61 | 4 (0.32%) | GET | /login.action |
| 62 | 4 (0.32%) | GET | /_all_dbs |
| 63 | 4 (0.32%) | GET | /.DS_Store |
| 64 | 4 (0.32%) | GET | /s/130313e2934323e2336313e29363/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties |
| 65 | 4 (0.32%) | GET | /telescope/requests |
| 66 | 4 (0.32%) | GET | /aaa.php |
| 67 | 4 (0.32%) | GET | /admin.php |
| 68 | 4 (0.32%) | GET | /defaults.php |
| 69 | 4 (0.32%) | GET | /about.php |
| 70 | 4 (0.32%) | GET | /php_info.php |
| 71 | 4 (0.32%) | GET | /phpinfo.php |
| 72 | 4 (0.32%) | GET | /phpinfo |
| 73 | 3 (0.24%) | GET | /.remote |
| 74 | 3 (0.24%) | GET | /.local |
| 75 | 3 (0.24%) | GET | /.production |
| 76 | 3 (0.24%) | GET | /wp-content/ |
| 77 | 3 (0.24%) | GET | /2018/wp-includes/wlwmanifest.xml |
| 78 | 3 (0.24%) | GET | /media/wp-includes/wlwmanifest.xml |
| 79 | 2 (0.16%) | GET | /application/config/constants.php |
| 80 | 2 (0.16%) | GET | /appsettings.json |
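
A table like the one above can be produced with a short log parser. The following is an added example, not the script used for this post: it assumes the combined access-log format, treats every 404 response as a probe (reasonable on a mostly static site), and computes each percentage as a share of all flagged requests. The function name `probe_report` and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in combined log format; last IP octet zeroed, as on the page.
SAMPLE_LOG = r"""203.0.113.0 - - [01/Jan/2025:00:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "-"
203.0.113.0 - - [01/Jan/2025:00:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "-"
198.51.100.0 - - [01/Jan/2025:00:03:10 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "-"
198.51.100.0 - - [01/Jan/2025:00:03:11 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
192.0.2.0 - - [01/Jan/2025:00:07:45 +0000] "GET /.env?x=1 HTTP/1.1" 404 153 "-" "-"
192.0.2.0 - - [01/Jan/2025:00:07:46 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
192.0.2.0 - - [01/Jan/2025:00:07:47 +0000] "\x16\x03\x01" 400 157 "-" "-"
203.0.113.0 - - [01/Jan/2025:00:09:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
"""

# Captures client, method, request target, status. Lines whose request field
# is not "METHOD target protocol" (e.g. TLS bytes sent to port 80) do not match.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def probe_report(log_text, statuses=frozenset({"404"})):
    """Return (rows, source_count); rows are (hits, percent, method, path)."""
    hits = Counter()
    sources = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed request line, skipped rather than guessed at
        client, method, target, status = m.groups()
        if status not in statuses:
            continue  # the resource exists or the request failed for another reason
        path = target.split("?", 1)[0]  # fold query-string variants together
        hits[(method, path)] += 1
        sources.add(client)
    total = sum(hits.values())
    # Most hits first; ties broken by (method, path) so the output is stable.
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    rows = [(n, round(100 * n / total, 2), meth, path) for (meth, path), n in ordered]
    return rows, len(sources)


if __name__ == "__main__":
    rows, source_count = probe_report(SAMPLE_LOG)
    print(f"{sum(r[0] for r in rows)} probe requests from {source_count} sources\n")
    print("| # | Hits | Method | URL |")
    print("|---|---|---|---|")
    for rank, (n, pct, method, path) in enumerate(rows, 1):
        print(f"| {rank} | {n} ({pct:.2f}%) | {method} | {path} |")
```

Because the server drops the last block of each address, the source count is a count of distinct truncated addresses, so it can undercount hosts that share a prefix.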
