From: Luigi R. <li...@lu...> - 2012-01-02 18:28:58
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yaroslav Halchenko said the following on 02/01/12 19:07: > Thank you Luigi -- I still worry a bit if we wouldn't get any false > positives... I am not familiar much with word-press, but what if it by > mistake embeds links/content for the broken (absent) plugins/themes... or > if you had 1 theme, then switched to another one but crawlers still > maintain the old link in their caches (not that I care about them much, but > similar might happen to regular browser with cached pages). > > from the logs, if they were just a plain output of grep, it seems that many > attempts/IPs lead just to a single failure so might be quite legit may be? > did they (those IP) accessed normal pages as well? (176.9.43.251 indeed > looks like a scanner) The log is from my blog (siamogeek.com) born 1,5 years ago. It always had just one theme and none of the plugin listed in 404 errors have never been installed. The 404s are the result of scripted scanner like WPScan or mor accurate attempt to exploit a single plugin vulnerability. In WP if you change a skin, you change the URLs of images and CSS, but the "permalink" of the blog post (or page) remains the same; the crawling bots know this. I would like to hear the opinion of other WP sysadmins, if any in this list. Ciao, luigi - -- / +--[Luigi Rosa]-- \ Prima scrivi il programma e poi le specifiche. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8B91wACgkQ3kWu7Tfl6ZSdjgCfWWnECS8pbRm1Sci+W35imZ+M LoQAn3YpQ7+tdfxdKDzcHVhHXSCXKcgT =uZ5W -----END PGP SIGNATURE----- |