PDA

View Full Version : People trying to access weird pages



deronsizemore
08-09-2007, 07:42 PM
I'm using Expression Engine to publish my site, but some of the URL's people have typed in for my site seems like they're trying to access the backend of my site. They're trying to access like www.randomjabber.com/blog/wp-admin and similar URL's but the weird thing is that I don't even use Word Press.

Does seem weird to anyone else?

Chris
08-09-2007, 07:57 PM
Just a brute force scan for weaknesses is my guess.

deronsizemore
08-09-2007, 08:01 PM
Yeah, I suppose you're right. People have way to much time on their hands. I have never visited a website and thought "hmmm, I think I'll try to get into the admin area of this site"

Nico
08-09-2007, 08:43 PM
I have never visited a website and thought "hmmm, I think I'll try to get into the admin area of this site"

That's because you are one of the good ones :)
It's a pretty common thing really if you work in security (either white or black). One of the first things someone will do if they want to access your site, is to gather as much info as they can...that includes checking your hosting, finding your Admin, finding out what CMS/Shopping you are using and what version, etc.

Just remember to always change the default admin URL if you are using a popular CMS/Shop/Blog and if you are using a custom one, put the Admin under a weird URL.

deronsizemore
08-09-2007, 09:04 PM
That's because you are one of the good ones :)
It's a pretty common thing really if you work in security (either white or black). One of the first things someone will do if they want to access your site, is to gather as much info as they can...that includes checking your hosting, finding your Admin, finding out what CMS/Shopping you are using and what version, etc.

Just remember to always change the default admin URL if you are using a popular CMS/Shop/Blog and if you are using a custom one, put the Admin under a weird URL.

Yeah, luckily I've already done this. I think it would be next to impossible for someone to guess my admin url, but I guess you never know.

I guess this is one reason to not display what powers your blog (like I do in the footer).

Thanks for the tips