cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Unexplained URL's in Visitors Log

I am re-posting this, sorry, as someone marked my first post as spam. It is not.

 

In cPanel > METRICS > Visitors, I have seen some strange URL's listed today, like these:

/adminer-4.2.4.php
/adminer-4.2.5.php
/dl.php?file=../../../../../../../../../../../../etc/passwd
/replace.php
alsp_ratings/resources/js/wp-side.php.suspected

and many more like this. I can't find any issues with my website, or any evidence at this time that it may have been hacked. Most of these requests originate from Ripe Networks, and some in the U.S. as well. Do I need to worry, or look for something else?

 

Thanks in advance for your reply!

1 ACCEPTED SOLUTION
Super User II

@NickInElgin 

 

Based on the info you provided, it looks like they're probing your site for vulnerabilities, perhaps. If you don't have an SSL and a Firewall on the site, I would suggest getting one before you do get hacked. That can cost hundreds to thousands of dollars to get cleaned up, especially if the site is how you make money.



I am a GoDaddy End User - Just Like You
* Please note that I DO NOT answer private messages. Please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. If you contact me via PM for help, I will give you a price quote for my personal services. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community


View solution in original post

2 REPLIES 2
Super User II

@NickInElgin 

 

Based on the info you provided, it looks like they're probing your site for vulnerabilities, perhaps. If you don't have an SSL and a Firewall on the site, I would suggest getting one before you do get hacked. That can cost hundreds to thousands of dollars to get cleaned up, especially if the site is how you make money.



I am a GoDaddy End User - Just Like You
* Please note that I DO NOT answer private messages. Please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. If you contact me via PM for help, I will give you a price quote for my personal services. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community


View solution in original post

Thank you for the reply. Firewall and SSL are valid and functioning. The site was hit hard for many days. I blocked the net range of the IP addresses making these requests. Biggest offenders come from Digital Ocean and RIPE Networks. These requests have drastically diminished over the past few days, and are non-existent today. I can find no evidence of intrusion. Thank you again, MrVapor, for your reply.