Mobile app version of vmapp.org
Login or Join
Merenda212

: Unknown files appearing in my website 404 error page list without a referring URL I've been seeing lots of entries in my 404 error page lists in my shared hosting account, which are attempts

@Merenda212

Posted in: #Apache #Referrer #WebHosting

I've been seeing lots of entries in my 404 error page lists in my shared hosting account, which are attempts to hit sub URLs on my 'static' website, such as (usually with no referring URL):

/xefxbfxbdxefxbfxbdxefxbfxbdxefxbfxbd%20website.rar
/aspweb.rar
/520.rar
/install.tar.gz
/sql.bak
/a.rar
/web123.zip
/aspweb.zip
/wwwroot.tar


These are aside from the usual attempts on /wp-login.php, etc...

I'm wondering if anyone can explain the above, is it just hacking attempts, should I be worried or ignore them? The site is going through CloudFlare over HTTPS.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Merenda212

1 Comments

Sorted by latest first Latest Oldest Best

 

@Berumen354

All of these files which are being checked for including the /xefxbfxbdxefxbfxbdxefxbfxbdxefxbfxbd which you mention in your last comment are attempts by attackers to identify common files which can be vulnerable in your web root which on a mis-configured website can provide an attacker the information they need to penetrate your site.

As an example sql.bak is a standard SQL backup file which an attacker can use to access your entire database as of the last backup if they can get it. aspweb.zip and the other similar files are commonly used by webmasters to package the site and upload it in a compressed file and then uncompress on the server, often leaving behind the compressed file. If an attacker got their hands on this file they would have a complete copy of your site source code if you used this method.

All of these log entries indicate attack attempts on your site which is common and can occur on any site. Definately attempt to block these connections from connecting to your site at all to add an extra level of protection to your site but don't assume the block will be 100% as no block is 100% as the attackers can find their way around it. Do a security audit on your site and make sure that vulnerabilities have been patched and that files such as these can not be accessed and if they must be on the server are not located in the web root.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme