Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2026-07-14 02:47:27

agovella
Member
From: Houston, TX
Registered: 2005-05-01
Posts: 101
Website Twitter

Weird results in my visitor logs

I’m seeing weird requests in my visitor logs. Is this just general people looking for vulnerabilities?

13 Jul 2026 3:18PM //login.php
13 Jul 2026 3:18PM //wp.php
13 Jul 2026 3:18PM //av.php
13 Jul 2026 3:18PM //aa.php
13 Jul 2026 3:18PM //wp-includes/assets
13 Jul 2026 3:18PM //abcd.php
13 Jul 2026 3:18PM //wp-includes/l10n
13 Jul 2026 3:18PM //wp-includes/css/dist
13 Jul 2026 3:18PM //cgi-bin/index.php
13 Jul 2026 3:18PM //wp-content/admin.php
13 Jul 2026 3:18PM //wp-includes/js/jquery
13 Jul 2026 3:18PM //f6.php
13 Jul 2026 3:18PM //themes.php
13 Jul 2026 3:18PM //admin.php?
13 Jul 2026 3:18PM //adminfuns.php
13 Jul 2026 3:18PM //wp-includes/assets
13 Jul 2026 3:18PM //hosty.php
13 Jul 2026 3:18PM //a.php
13 Jul 2026 3:18PM //admin.php
13 Jul 2026 3:18PM ///admin.php

Offline

#2 2026-07-14 05:41:13

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 12,617
Website GitHub

Re: Weird results in my visitor logs

Yep. Just chancers assuming every site under the sun runs WordPress and looking for exploits. It’s an annoyance.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Hire Txp Builders – finely-crafted code, design and Txp

Offline

#3 Yesterday 03:22:42

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,429
Website GitHub Mastodon Twitter

Re: Weird results in my visitor logs

agovella wrote #343492:

I’m seeing weird requests in my visitor logs. Is this just general people looking for vulnerabilities?

I block those kids with these rules in my htaccess.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 Today 02:13:25

agovella
Member
From: Houston, TX
Registered: 2005-05-01
Posts: 101
Website Twitter

Re: Weird results in my visitor logs

Is blocking them considered best practice? Or just something you do to be curmudgeonly?

(Curmudgeonly in the best sense)

Offline

#5 Today 04:23:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,429
Website GitHub Mastodon Twitter

Re: Weird results in my visitor logs

agovella wrote #343505:

Is blocking them considered best practice? Or just something you do to be curmudgeonly?

I’m not blocking their ips. I’m blocking constructed urls. ie site.tld/wordpress. Some years ago we had an attack with hackers trying to get in our site. That’s why I made that list. The server stops them and txp does not need to deal with it.

You have to be careful as to what words you will block as it can affect legit urls.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#6 Today 10:39:29

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,906
GitHub

Re: Weird results in my visitor logs

Drive-by chancers can cause considerable havoc on PHP-powered apps, especially shared services with limited resources.

It’s trivial to wget or curl a long list of URLs, and if they’re not filtered out by a web application firewall or other pre-PHP process, each URL will likely hit the PHP endpoint, as well as the web server, and likely a database.

This can spawn a lot of server activity – consider that each bogus URL has to essentially show a 404 (or similar) page, which for a PHP application like Textpattern uses PHP to render a page atop a web server, and if there’s no caching going on then a database is likely called, too. If you’re on a Textpattern site on a shared host, a slew of bogus URLs can be taxing – not through any fault of Textpattern itself, but due to the architecture of a PHP + database web app.

colak’s filtering ensures the bogus requests are filtered before PHP and the database are fired up, which makes it much ‘cheaper’ computationally – the server isn’t rendering a pretty, Textpattern-styled 404 page for these scoundrels.

This forum is subject to lots of attacks due to its age, its content quality, and its outgoing link policy. There are countless crawlers, scrapers and other things that scoop up these pages 24 / 7. Most of the time, it’s manageable – occasionally it trips a limiter and denial of service protection kicks in.

Offline

Board footer

Powered by FluxBB