Author Topic: Unexpected attempts to visit pages  (Read 1605 times)

0 Members and 1 Guest are viewing this topic.

Offline Archibald

  • Full Member
  • ****
  • Posts: 275
  • Gender: Male
Unexpected attempts to visit pages
« on: August 13, 2016, 10:51:54 AM »
I recently configured my CGI scripts that handle 404 (file not found) and 500 (server error) errors so I now get an email reporting any errors occurring.

I am getting strange unexpected requests for pages or other files, presumably from one or more search engine crawlers. Here are examples of such requests:
    xmlrpc.php
    /wp/
    /wordpress/
    /blog/
    /blog/robots.txt
    /modules/attributewizardpro.OLD/file_upload.php
    /modules/attributewizardpro.OLD/file_uploads/gasshop.php
    /modules/advancedslider/uploads/gasshop.php.png
    /modules/cartabandonmentpro/uploads/gasshop.php.png
    /modules/advancedslider/ajax_advancedsliderUpload.php
    /modules/cartabandonmentpro/upload.php
    /modules/videostab/uploads/gasshop.php.png
    /modules/videostab/ajax_videostab.php
    /modules/soopamobile/uploadimage.php
    /modules/homepageadvertise2/uploadimage.php
    /modules/columnadverts/uploadimage.php
    /modules/productpageadverts/uploadimage.php
    /apple-app-site-association
    /.well-known/apple-app-site-association
    /.well-known/assetlinks.json
I've never had folders named 'modules', '.well-known' or 'blog'; nor had anything to do with Apple.

I am also getting quite a lot of requests for web pages that were deleted from my WebPlus (WPX6) files several years ago.  My sitemap.xml files have been registered with Google for years so I guess these requests are not coming from the Google crawler.

When I upload something from WPX6 I get a tick box option "Delete unused remote files" which seems to be always greyed-out.  I'm fairly sure with a previous version of WP that tick box was ticked by default.  Now to get unused files deleted I seem to have to use automatic unattended upload and tick the 'Delete unused files' option.  Having done that recently with a full upload, unfortunately I am now totally uncertain whether the requests for old web pages relate to pages that were deleted years ago from my servers or whether I had deleted them only a few days ago.

Anyway, it may be worth WP users checking whether any old web pages remain on their servers.
 

Offline nfc212

  • Developer
  • Full Member
  • ***
  • n
  • Posts: 405
  • Gender: Male
  • Board Member
Re: Unexpected attempts to visit pages
« Reply #1 on: August 13, 2016, 03:01:24 PM »
The file gasshop.php.png looks like one of those PHP scripts that come disguised as an image.

Once uploaded directly accessing the file causes it to drop its disguise and wreak havoc on the server or machine it is sitting on.

attributewizardpro seems to be related to a PrestaShop plug in

https://www.prestashop.com/forums/topic/47363-module-attribute-wizard-pro-create-unlimited-attributes-combinations-choose-frm-7-input-types/

Looks like something or someone is pinging your server on the off chance that it can find these files and exploit them.
 
The following users thanked this post: Archibald

Offline Archibald

  • Full Member
  • ****
  • Posts: 275
  • Gender: Male
Re: Unexpected attempts to visit pages
« Reply #2 on: August 13, 2016, 09:16:04 PM »
I've now had two attempts to find out if I'm using Joomla:
    /libraries/joomla/xxxx.php
    /libraries/joomla/eg.php

I expect many of our websites are receiving file requests like these without us being aware it's happening.

Actually configuring my CGI files to receive email notification of 404 and 500 errors has proved quite useful.  I found I had inadvertently deleted a PNG file of a GoogleMap place icon; but curiously when I viewed the page referred to, an icon appeared.  As the icon was requested within GoogleMaps API code, WebPlus would not have flagged up the issue.  I had not appreciated that a missing image file generates a 404 error (but site visitors are not redirected to a 404 error page).

For a while I've had 404 and 500 error pages within my WP file (not included in navigation and not to be indexed).  As well as displaying a message explaining the error, the pages include my usual header with navigation bar allowing visitors to navigate to another page.  That's OK if visitors try to reach an ordinary site page that no longer exists for example, but some of my pages open as a small new window (with JavaScript popup code) . . . . . then only half the message and half the navigation bar is visible!  I thinking of writing JavaScript code to redirect to a smaller web page in such circumstances with just a "Close" button instead of a full navigation bar.
 

Offline Archibald

  • Full Member
  • ****
  • Posts: 275
  • Gender: Male
Re: Unexpected attempts to visit pages
« Reply #3 on: August 15, 2016, 09:16:54 PM »
I've been continuing to receive far too many email messages reporting 404 errors.  I was hoping the number of requests for non-existent files would reduce as whatever crawler is making these requests realises that the files no longer exist.  Some of the files being requested were deleted from my website and sitemap.xml file 8 years ago, but may have remained on my server until recently.

Anyway I have now edited the CGI script, not that I've ever coded in Perl before.  The email messages include the referrer (wrongly spelled "referer" in HTML specification).  The unwanted messages have a blank referrer string so my code edit checks whether there is a referrer string before sending me an email. The few messages that I have previously received with a referrer have been very useful.
 
The following users thanked this post: Mick