I am running a web server and watching what people request. I have been getting frequent traffic like:
GET /phph/php/ph.php HTTP/1.1
or
GET /mrmr/mrm/mr.php HTTP/1.1
Are these scans? Are the clients checking if my server is already compromised or are they checking if I am vulnerable?
As far as I can tell, since I don't host such directories, such traffic is a scan for compromised machines; I do not know for sure because I think it unsafe to click the links Google provides when I search such things.
Aucun commentaire:
Enregistrer un commentaire