My attention was brought to a whole bunch of "page not found" errors in the log of my website tonight. At first, I thought it was just someone trying scripts to gain access so I sent an abuse report to Linode as they owned the IP address, 172.105.83.62.
Their reply was vaguely interesting, though. They said that they didn't regard it as abuse as it was a "security researcher" at work. Huh? On my website? Seriously? Wow - they need to set their sights higher!!!
"In this circumstance, our Trust & Safety team have determined that the Linode customer operating this IP is a security researcher, and the traffic is not intended to be malicious."
Anyway, I thought the actual log of locations tried might be useful to others, so here they are:
-------- -------------- ---------------- ---------- ------------------------------------------------------------------------------------------
ID Date Type Severity Message
-------- -------------- ---------------- ---------- ------------------------------------------------------------------------------------------
437103 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/aggregator.overview.html.twig
437102 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/search.index.html.twig
437101 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/workflows.overview.html.twig
437100 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/config.import_full.html.twig
437099 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/field_ui.reference_field.html.twig
437098 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/views_ui.edit.html.twig
437097 06/Sep 07:06 page not found Warning /core/assets/vendor/ckeditor/bender-runner.config.json
437096 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/contact.creating.html.twig
437095 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/field_ui.manage_form.html.twig
437094 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/search.overview.html.twig
437093 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/field_ui.manage_display.html.twig
437092 06/Sep 07:06 page not found Warning /core/scripts/dev/commit-code-check.sh
437091 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/system.maintenance_mode.html.twig
437090 06/Sep 07:06 page not found Warning /core/assets/vendor/ckeditor/CHANGES.md
437089 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/image.style.html.twig
437088 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/responsive_image.style.html.twig
437087 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/views_ui.add_display.html.twig
437086 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/book.adding.html.twig
437085 06/Sep 07:06 page not found Warning /core/assets/vendor/ckeditor/LICENSE.md
437084 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/config.export_full.html.twig
437083 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/content_moderation.configuring_workflows.html.twig
437082 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/layout_builder.overview.html.twig
437081 06/Sep 07:06 page not found Warning /core/themes/olivero/olivero.libraries.yml
-------- -------------- ---------------- ---------- ------------------------------------------------------------------------------------------
Looks to me like they are trying to access files in core modules and then compare them to known versions to work out the version of Drupal installed. I guess then they know what vulnerabilities are available?
The only thing is, none of those files should be available over the web, anyway – not if a site is set up properly.
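An added example, not part of the original post: a small detector that reads log rows in the column layout shown above and flags any minute in which several distinct Drupal core source files were requested and not found. The first five sample rows are taken from the log above, the last two are constructed for contrast, and the file-extension list and the threshold of 3 are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Sample rows in the same layout as the log above (ID, date, type,
# severity, requested path). The last two rows are constructed,
# ordinary 404s added for contrast.
SAMPLE = """\
437103 06/Sep 07:06 page not found Warning /core/modules/help_topics/help_topics/aggregator.overview.html.twig
437097 06/Sep 07:06 page not found Warning /core/assets/vendor/ckeditor/bender-runner.config.json
437092 06/Sep 07:06 page not found Warning /core/scripts/dev/commit-code-check.sh
437090 06/Sep 07:06 page not found Warning /core/assets/vendor/ckeditor/CHANGES.md
437081 06/Sep 07:06 page not found Warning /core/themes/olivero/olivero.libraries.yml
437080 06/Sep 09:15 page not found Warning /favicon.ico
437079 06/Sep 09:40 page not found Warning /old-blog-post
"""

ROW = re.compile(r"^(\d+)\s+(\d{2}/\w{3} \d{2}:\d{2})\s+page not found\s+\w+\s+(\S+)$")
# Assumption: source-tree files under /core/ that a browser does not request
# while rendering a page, so a 404 for one is a probe, not a broken link.
PROBE = re.compile(r"^/core/.*\.(twig|yml|sh|md|json)$", re.IGNORECASE)


def parse(text):
    """Yield (id, minute, path) for every 'page not found' row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def fingerprint_bursts(text, threshold=3):
    """Return {minute: [paths]} for minutes with >= threshold distinct core-file probes."""
    by_minute = defaultdict(set)
    for _id, minute, path in parse(text):
        if PROBE.match(path):
            by_minute[minute].add(path)
    return {m: sorted(p) for m, p in by_minute.items() if len(p) >= threshold}


if __name__ == "__main__":
    for minute, paths in fingerprint_bursts(SAMPLE).items():
        print(f"{minute}: {len(paths)} core-file probes")
        for p in paths:
            print("   ", p)
```

The log format on this page has no client address column, so the grouping is by minute only; with a web server access log the same check can be keyed on client IP as well.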