Aaron Poffenberger

poffenberger.org is one of the websites I manage. It's a very small site. Yet in spite of its small size, it's obvious the site is being probed for security holes as ardently as larger, more interesting sites. And why not? Automated probing is cheap and the potential rewards are high. It's a bit like spam: only a very small percentage of attempts needs to succeed to make it pay.

The following data comes from the logs for just this site. I've filtered out the typos and other uninteresting data. What remains are requests for resources someone was looking for intentionally. Scan through and read the names of the resources. Notice how many you see that end with executable extensions like ".pl", ".php" and ".dll". See the requests for entries with words like "install," "login," "config" and "rpc". Count the permutations of phpMyAdmin (I count more than 150).

Think your computer is secure because it's small and relatively anonymous? Think again.

Typical Entries from My Logs
a1b2c3d4e5f6g7h8i9/nonexistentfile.php
about.php
Ads/adxmlrpc.php
adserver/adxmlrpc.php
adxmlrpc.php
awstat/awstats.pl
awstats-cgi/awstats.pl
awstats.pl
awstats/awstats.pl
awstats/cgi-bin/awstats.pl
awstats6/awstats.pl
awstats6/cgi-bin/awstats.pl
backup/wp-login.php
bbs/data/config/config.inc.php
blog-old/wp-login.php
blog//index.php
blog/facebook-its-not-me-its-you
blog/backup/wp-login.php
blog/wp-login.php
blog/wp/wp-login.php
blog_old/wp-login.php
cart//install.txt
catalog//install.txt
cgi/awstats.pl
cms/e107_files/e107.css
cms/wp-login.php
config/config.inc.php
content/about
content/about-0
COPYRIGHT.php
cp/awstats/awstats.pl
cph.org
cron.org
css/internal.css
db/e107_files/e107.css
db/main.php
db/scripts/setup.php
dbadmin/config/config.inc.php
dbadmin/scripts/setup.php
default.asp
default.htm
default.html
default.php
defaut.aspx
DutchS/GRAPHIC0/Atmosphere/Clouds0.gif
e107/e107_docs/gpl.txt
e107/e107_files/e107.css
e107/e107_files/e107.js
e107_docs/gpl.txt
e107_files/e107.css
e107_files/e107.js
Entrada.asp
fastenv
favicon.gif
forum/e107_files/e107.css
home.asp
home.aspx
home.htm
home.html
home.php
iisstart.asp
imagess/text.css
index.asp
index.aspx
index.htm
index.html
install.txt
localstart.asp
logs/awstats.pl
logs/usage_201007.html
mail/config.inc.php
mail/README
main.asp
main.aspx
main.htm
main.html
manager/html
myadmin/config/config.inc.php
myadmin/main.php
myadmin/scripts/setup.php
mysql
mysql-admin/config/config.inc.php
mysql-admin/scripts/setup.php
mysql/config/config.inc.php
mysql/main.php
mysql/scripts/setup.php
mysqladmin/scripts/setup.php
mysqladminconfig/config.inc.php
mysqlmanager/config/config.inc.php
mysqlmanager/scripts/setup.php
nosuichfile.php
noxdir/nosuichfile.php
ok.txt
old/wp-login.php
on
p/m/a/config/config.inc.php
p/m/a/scripts/setup.php
pages/our meetings.html
php-my-admin/config/config.inc.php
php-my-admin/scripts/setup.php
php-myadmin/config/config.inc.php
php-myadmin/scripts/setup.php
phpadmin/main.php
phpadmin/scripts/setup.php
phpads/adxmlrpc.php
phpAdsNew/adxmlrpc.php
phpm/scripts/setup.php
phpmanager/config/config.inc.php
phpmanager/scripts/setup.php
phpmy-admin/config/config.inc.php
phpmy-admin/scripts/setup.php
pHpMy/scripts/setup.php
phpMyA/scripts/setup.php
phpmyad-sys/scripts/setup.php
phpmyad/scripts/setup.php
phpMyAdmi/scripts/setup.php
phpmyadmin
phpMyAdmin-2.10.0/scripts/setup.php
phpMyAdmin-2.11.1/scripts/setup.php
phpMyAdmin-2.11.10/scripts/setup.php
phpMyAdmin-2.11.2/scripts/setup.php
phpMyAdmin-2.11.3/scripts/setup.php
phpMyAdmin-2.11.4/scripts/setup.php
phpMyAdmin-2.11.5/scripts/setup.php
phpMyAdmin-2.11.6/scripts/setup.php
phpMyAdmin-2.11.7/scripts/setup.php
phpMyAdmin-2.11.8/scripts/setup.php
phpMyAdmin-2.11.9/scripts/setup.php
phpMyAdmin-2.2.3/config/config.inc.php
phpMyAdmin-2.2.3/scripts/setup.php
phpMyAdmin-2.2.6/config/config.inc.php
phpMyAdmin-2.2.6/scripts/setup.php
phpMyAdmin-2.3.0/scripts/setup.php
phpMyAdmin-2.3.1/scripts/setup.php
phpMyAdmin-2.3.2/scripts/setup.php
phpMyAdmin-2.3.3/scripts/setup.php
phpMyAdmin-2.3.4/scripts/setup.php
phpMyAdmin-2.3.5/scripts/setup.php
phpMyAdmin-2.3.6/scripts/setup.php
phpMyAdmin-2.3.7/scripts/setup.php
phpMyAdmin-2.3.8/scripts/setup.php
phpMyAdmin-2.3.9/scripts/setup.php
phpMyAdmin-2.4.0/scripts/setup.php
phpMyAdmin-2.4.1/scripts/setup.php
phpMyAdmin-2.4.2/scripts/setup.php
phpMyAdmin-2.4.3/scripts/setup.php
phpMyAdmin-2.4.4/scripts/setup.php
phpMyAdmin-2.4.5/scripts/setup.php
phpMyAdmin-2.4.6/scripts/setup.php
phpMyAdmin-2.4.7/scripts/setup.php
phpMyAdmin-2.4.8/scripts/setup.php
phpMyAdmin-2.4.9/scripts/setup.php
phpMyAdmin-2.5.0/scripts/setup.php
phpMyAdmin-2.5.1/config/config.inc.php
phpMyAdmin-2.5.1/scripts/setup.php
phpMyAdmin-2.5.2/scripts/setup.php
phpMyAdmin-2.5.3/scripts/setup.php
phpMyAdmin-2.5.4/config/config.inc.php
phpMyAdmin-2.5.4/scripts/setup.php
phpMyAdmin-2.5.5-pl1/config/config.inc.php
phpMyAdmin-2.5.5-pl1/scripts/setup.php
phpMyAdmin-2.5.5-rc1/scripts/setup.php
phpMyAdmin-2.5.5-rc1config/config.inc.php
phpMyAdmin-2.5.5-rc2/config/config.inc.php
phpMyAdmin-2.5.5-rc2/scripts/setup.php
phpMyAdmin-2.5.5/config/config.inc.php
phpMyAdmin-2.5.5/scripts/setup.php
phpMyAdmin-2.5.6-rc1/config/config.inc.php
phpMyAdmin-2.5.6-rc1/scripts/setup.php
phpMyAdmin-2.5.6-rc2/config/config.inc.php
phpMyAdmin-2.5.6-rc2/scripts/setup.php
phpMyAdmin-2.5.6/config/config.inc.php
phpMyAdmin-2.5.6/scripts/setup.php
phpMyAdmin-2.5.7-pl1/scripts/setup.php
phpMyAdmin-2.5.7/scripts/setup.php
phpMyAdmin-2.5.8/scripts/setup.php
phpMyAdmin-2.5.9/scripts/setup.php
phpMyAdmin-2.6.0-alpha/scripts/setup.php
phpMyAdmin-2.6.0-alpha2/scripts/setup.php
phpMyAdmin-2.6.0-beta1/scripts/setup.php
phpMyAdmin-2.6.0-beta2/scripts/setup.php
phpMyAdmin-2.6.0-pl1/scripts/setup.php
phpMyAdmin-2.6.0-pl2/scripts/setup.php
phpMyAdmin-2.6.0-pl3/scripts/setup.php
phpMyAdmin-2.6.0-rc1/scripts/setup.php
phpMyAdmin-2.6.0-rc2/scripts/setup.php
phpMyAdmin-2.6.0-rc3/scripts/setup.php
phpMyAdmin-2.6.0/scripts/setup.php
phpMyAdmin-2.6.1-pl1/scripts/setup.php
phpMyAdmin-2.6.1-pl2/scripts/setup.php
phpMyAdmin-2.6.1-pl3/scripts/setup.php
phpMyAdmin-2.6.1-rc1/scripts/setup.php
phpMyAdmin-2.6.1-rc2/scripts/setup.php
phpMyAdmin-2.6.1/scripts/setup.php
phpMyAdmin-2.6.2-beta1/scripts/setup.php
phpMyAdmin-2.6.2-pl1/scripts/setup.php
phpMyAdmin-2.6.2-rc1/scripts/setup.php
phpMyAdmin-2.6.2/scripts/setup.php
phpMyAdmin-2.6.3-pl1/scripts/setup.php
phpMyAdmin-2.6.3-rc1/scripts/setup.php
phpMyAdmin-2.6.3/scripts/setup.php
phpMyAdmin-2.6.4-pl1/scripts/setup.php
phpMyAdmin-2.6.4-pl2/scripts/setup.php
phpMyAdmin-2.6.4-pl3/scripts/setup.php
phpMyAdmin-2.6.4-pl4/scripts/setup.php
phpMyAdmin-2.6.4-rc1/scripts/setup.php
phpMyAdmin-2.6.4/scripts/setup.php
phpMyAdmin-2.6.5/scripts/setup.php
phpMyAdmin-2.6.6/scripts/setup.php
phpMyAdmin-2.6.7/scripts/setup.php
phpMyAdmin-2.6.8/scripts/setup.php
phpMyAdmin-2.6.9/scripts/setup.php
phpMyAdmin-2.7.0-beta1/scripts/setup.php
phpMyAdmin-2.7.0-pl1/scripts/setup.php
phpMyAdmin-2.7.0-pl2/scripts/setup.php
phpMyAdmin-2.7.0-rc1/scripts/setup.php
phpMyAdmin-2.7.0/scripts/setup.php
phpMyAdmin-2.7.1/scripts/setup.php
phpMyAdmin-2.7.2/scripts/setup.php
phpMyAdmin-2.7.3/scripts/setup.php
phpMyAdmin-2.7.4/scripts/setup.php
phpMyAdmin-2.7.5/scripts/setup.php
phpMyAdmin-2.7.6/scripts/setup.php
phpMyAdmin-2.7.7/scripts/setup.php
phpMyAdmin-2.7.8/scripts/setup.php
phpMyAdmin-2.7.9/scripts/setup.php
phpMyAdmin-2.8.0-beta1/scripts/setup.php
phpMyAdmin-2.8.0-rc1/scripts/setup.php
phpMyAdmin-2.8.0-rc2/scripts/setup.php
phpMyAdmin-2.8.0.1/scripts/setup.php
phpMyAdmin-2.8.0.2/scripts/setup.php
phpMyAdmin-2.8.0.3/scripts/setup.php
phpMyAdmin-2.8.0.4/scripts/setup.php
phpMyAdmin-2.8.0/scripts/setup.php
phpMyAdmin-2.8.1-rc1/scripts/setup.php
phpMyAdmin-2.8.1/scripts/setup.php
phpMyAdmin-2.8.2/scripts/setup.php
phpMyAdmin-2.8.3/scripts/setup.php
phpMyAdmin-2.8.4/scripts/setup.php
phpMyAdmin-2.8.5/scripts/setup.php
phpMyAdmin-2.8.6/scripts/setup.php
phpMyAdmin-2.8.7/scripts/setup.php
phpMyAdmin-2.8.8/scripts/setup.php
phpMyAdmin-2.8.9/scripts/setup.php
phpMyAdmin-2.9.1/scripts/setup.php
phpMyAdmin-2.9.2/scripts/setup.php
phpMyAdmin-2/config/config.inc.php
phpMyAdmin-2/scripts/setup.php
phpMyAdmin-3/scripts/setup.php
phpMyAdmin-4/scripts/setup.php
phpmyadmin/config/config.inc.php
phpmyadmin/main.php
phpMyAdmin/scripts/setup.php
phpmyadmin1/scripts/setup.php
phpmyadmin2/config.inc.php
phpMyAdmin2/config/config.inc.php
phpmyadmin2/scripts/setup.php
phpMyAds/scripts/setup.php
phppgadmin/config.inc.php
pma/config/config.inc.php
PMA/main.php
PMA/scripts/setup.php
PMA2005/config/config.inc.php
PMA2005/scripts/setup.php
portal/e107_files/e107.css
proxy.html
proxychecker/check.cgi
prx2.php
rc/README
README
roundcube/config/config.inc.php
roundcube/README
roundcubemail/README
scripts/setup.php
sd/1M
shop//install.txt
site/e107_files/e107.css
site/wp-content/plugins/wpng-calendar/css/thickbox.css
sl2/data/config/config.inc.php
SlurpConfirm404.htm
SlurpConfirm404/COURSES/scshot5j.htm
SlurpConfirm404/GAR-BAT/sindex/lagana.htm
SlurpConfirm404/idesofmarch.htm
SlurpConfirm404/mack2_d.htm
SlurpConfirm404/masa.htm
SlurpConfirm404/network/meridia/Bibliografia.htm
SlurpConfirm404/soybiz/vinylpage/telkat.htm
SlurpConfirm404/spillelister/iwfppv.htm
SlurpConfirm404/withdrawal_return/wuwpfi9601001.stats.htm
soapCaller.bs
sqladmin/scripts/setup.php
sqlmanager/config/config.inc.php
sqlmanager/scripts/setup.php
sqlweb/config/config.inc.php
sqlweb/scripts/setup.php
stat/awstats.pl
statistic/awstats.pl
statistiche/usage_201007.html
statistics/awstats.pl
statistik/usage_201007.html
stats/awstats.pl
stats/cgi-bin/awstats.pl
stats/usage_201007.html
store//install.txt
system-cgi/awstats.pl
templates
templates/rt_chromatophore/css/template_colors.php
trix/soapCaller.bs
trixbox/soapCaller.bs
typo3/phpmyadmin/scripts/setup.php
usage/usage_201007.html
user/soapCaller.bs
vhcs2/tools/pma/scripts/setup.php
w00tw00t.at.blackhats.romanian.anti-sec:)
web/e107_files/e107.css
web/phpMyAdmin/scripts/setup.php
web/scripts/setup.php
webadmin/config/config.inc.php
webadmin/main.php
webadmin/scripts/setup.php
webalizer/usage_201007.html
webdb/config/config.inc.php
webdb/scripts/setup.php
webmail/config.inc.php
webmail/README
websql/config/config.inc.php
websql/scripts/setup.php
webstats/awstats.pl
webstats/usage_201007.html
welcome.htm
welcome.html
wordpress/wp-login.php
wordpress2/wp-login.php
wp-login.php
wp/wp-login.php
xampp/phpmyadmin/scripts/setup.php
zen-cart//install.txt
zencart//install.txt
_vti/owssvr.dll
_vti/_vti/author.dll
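
One way to produce this kind of tally from an access log, as an added example that is not the author's own code: it tags each requested path by the traits the post points out (executable extensions, words like "install", "login", "config" and "rpc", and phpMyAdmin directory permutations) and groups the tagged paths per client. The Combined Log Format, the extra "setup" keyword, the additional extensions and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# ".pl", ".php", ".dll" are named in the post; the rest also appear in its list.
EXEC_EXT = (".pl", ".php", ".dll", ".asp", ".aspx", ".cgi")
# The post's four words, plus "setup" (assumption, taken from the list).
KEYWORDS = ("install", "login", "config", "rpc", "setup")
# Directory permutations seen in the list: phpMyAdmin-2.11.1, php-my-admin, PMA2005, p/m/a
PMA_RE = re.compile(r"(^|/)(php[-_]?my[-_]?admin\d*(-[\w.-]+)?|pma\d*|p/m/a)(/|$)")
# Assumed Combined Log Format: client - user [time] "METHOD target HTTP/x" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def normalize(target):
    """Drop the query, decode, lowercase, collapse '//' (cart//install.txt)."""
    path = unquote(target.split("?", 1)[0]).lower()
    return re.sub(r"/{2,}", "/", path).strip("/")

def classify(target):
    """Return the set of probe traits a requested path shows (empty if none)."""
    path = normalize(target)
    tags = {k for k in KEYWORDS if k in path}
    if PMA_RE.search(path):
        tags.add("phpmyadmin")
    if path.endswith(EXEC_EXT):
        tags.add("executable")
    return tags

def summarize(lines):
    """Tally traits over all requests and collect tagged paths per client."""
    tag_counts, paths_by_client = Counter(), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, _status = m.groups()
        tags = classify(target)
        if tags:
            tag_counts.update(tags)
            paths_by_client[client].add(normalize(target))
    return tag_counts, paths_by_client

# Constructed sample lines (documentation addresses); paths come from the list above.
SAMPLE = [
    '192.0.2.10 - - [12/Jul/2010:03:14:07 -0500] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 209',
    '192.0.2.10 - - [12/Jul/2010:03:14:08 -0500] "GET /PMA2005/config/config.inc.php HTTP/1.1" 404 209',
    '192.0.2.10 - - [12/Jul/2010:03:14:09 -0500] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [12/Jul/2010:04:01:55 -0500] "GET /blog/wp-login.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [12/Jul/2010:04:01:56 -0500] "GET /zencart//install.txt HTTP/1.1" 404 209',
    '203.0.113.5 - - [12/Jul/2010:05:20:00 -0500] "GET /css/internal.css HTTP/1.1" 200 1024',
]
```

Calling `summarize(SAMPLE)` returns the per-trait counts and, for each client, the set of distinct probe paths it asked for; a client with many distinct tagged paths and no ordinary page views is the pattern the list above shows.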