ajaypal.com

This is the error log of httpd (apache) on one of the server machines that is about to be replaced very soon, interesting thing is to see how the script kiddy goes about locating vulnerable web applications:


[Sun Mar 05 21:33:02 2006][client 82.161.172.154]
script '/home/public/linux/index2.php' not found (trying for mambo?)
File does not exist: /home/public/linux/mambo (again mambo)
File does not exist: /home/public/linux/cvs (why CVS? I am not sure)
File does not exist: /home/public/linux/articles (why this? I am not sure)
File does not exist: /home/public/linux/cvs
script '/home/public/linux/xmlrpc.php' not found (trying xmlrpc lib?)
File does not exist: /home/public/linux/blog (wordpress maybe)
File does not exist: /home/public/linux/blog
File does not exist: /home/public/linux/blogs
File does not exist: /home/public/linux/drupal (looking for drupal)
File does not exist: /home/public/linux/phpgroupware (phpgroupware)
File does not exist: /home/public/linux/wordpress


And also this

[Sun Mar 05 19:12:07 2006] [client 211.137.85.187]
File does not exist: /home/public/linux/cgi
File does not exist: /home/public/linux/awstats
File does not exist: /home/public/linux/stats
File does not exist: /home/public/linux/awstats.pl
File does not exist: /home/public/linux/cgi

(may be looking for awstat)


Well only if it was not a blind script but a real script kiddy, they might have noticed that it is a plain text HTML site. Atleast definitly not drupal, wordpress, mambo/ joomla or other fancy CMS systems. Never mind keep trying (oops I mean keep executing scripts), that server is going down in a few days (for an upgrade).