by dylan604 35 days ago
Every time I venture into the web server's error log, I see all of the skiddies' attempts at accessing the most common things, with most of them being .php files. Lots of /wp/admin.php and /phpadmin/ type requests. Of course, none of those are available, which is why the requests are in the error log. I've never paid attention, but I wonder how long (as in how little time) a new server can be online before it starts to get probed by a skiddie. Whether they are just war dialing IPs or paying attention to new domain announcements, I'd put it at a few hours tops.
3 comments

Dismissing these as script kiddie attempts is no longer correct. This is a real industry now. It’s not like the large-scale actors are going to pass up a valid unpatched vector just because it’s old hat.
They're skiddies if they're trying WordPress attacks on domains that have never hosted anything remotely close to a CMS before...
Imagine this: ~40% of public websites run WordPress (based on some AI-gen summary; even if fewer, it is still an important percentage).

So you might be spinning up a new instance with 40% probability. It makes sense in mass vulnerability exploitation and detection to aim for the highest success rate first.

Especially when the IPv4 space is so easy to scan nowadays. And you have services like Shodan that do just that daily.

Yes, but how often otherwise would I get to use the word skiddie?
22 minutes. I got my new ISP with fibre. Placed my web server online. After 22 minutes my honeypot got stung.
If you get a letsencrypt certificate it will get probed within a minute
I’ve tested this recently (this past week). Had a DNS entry up and pointing to an nginx server for ~12 hours, zero requests. 17 seconds after the letsencrypt cert was issued, the floodgates opened. Over a dozen requests per second.
I don't think it's necessarily specific to LE but rather to public certificate transparency logs. LE being free and easy to automate means it's very widely used these days, but if you theoretically go to a "pay" root CA and get a cert that covers thing.com and www.thing.com, the same probing will happen on the same time scale.
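Both observations in this thread (the opening post's error log full of /wp-admin and phpMyAdmin requests, and the "seconds after the cert hit the CT log" timing) can be measured from the server's own logs. The script below is an added example, not code from any commenter: it parses nginx-style "combined" access log lines, classifies requests as scanner probes by path, and reports how long after certificate issuance the first probe arrived and which source IPs and paths were involved. The log lines, IP addresses, timestamps and the certificate issuance time are all constructed for the example; the probe path patterns are an assumed starter list, not an authoritative one.

```python
"""Measure how quickly a freshly exposed web server gets probed, and for what.

All log lines, addresses and timestamps below are constructed for this example.
CERT_ISSUED_AT stands in for the moment the certificate became visible in a
public Certificate Transparency log (for Let's Encrypt, effectively at issuance).
"""
import re
from collections import Counter
from datetime import datetime, timezone

# nginx default "combined" log format, e.g.
# 203.0.113.5 - - [10/Mar/2024:12:00:23 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Paths mass scanners request when looking for WordPress, phpMyAdmin and other
# PHP applications. Assumed starter list; extend it for your own environment.
PROBE_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r'^/wp-(login|admin|content|includes)',
        r'^/wp/',
        r'^/xmlrpc\.php',
        r'^/phpmyadmin',
        r'^/pma/',
        r'^/\.env$',
        r'^/\.git/',
        r'\.php$',
    )
]

# Constructed sample: the owner's own check before the cert, then scanners after it.
CERT_ISSUED_AT = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:11:30:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Mar/2024:12:00:23 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:12:00:23 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:12:00:25 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "python-requests/2.31"',
    '192.0.2.44 - - [10/Mar/2024:12:00:26 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Mar/2024:12:00:27 +0000] "GET /wp/admin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    'this line is not in combined format and is skipped',
    '198.51.100.7 - - [10/Mar/2024:12:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.4.0"',
]


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return {'ip': m.group('ip'), 'ts': ts, 'path': m.group('path'),
            'status': int(m.group('status')), 'ua': m.group('ua')}


def is_probe(path):
    """True if the request path looks like an application-discovery probe."""
    return any(p.search(path) for p in PROBE_PATTERNS)


def summarize(lines, cert_issued_at):
    """Aggregate probe activity relative to certificate issuance time."""
    parsed = skipped = 0
    probes_by_ip, probe_paths = Counter(), Counter()
    first_probe_after_cert = None
    probes_before_cert = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        parsed += 1
        if not is_probe(rec['path']):
            continue
        probes_by_ip[rec['ip']] += 1
        probe_paths[rec['path']] += 1
        if rec['ts'] < cert_issued_at:
            # A probe before the cert existed points at IP-range scanning, not CT logs.
            probes_before_cert += 1
        elif first_probe_after_cert is None or rec['ts'] < first_probe_after_cert:
            first_probe_after_cert = rec['ts']
    seconds = (None if first_probe_after_cert is None
               else int((first_probe_after_cert - cert_issued_at).total_seconds()))
    return {'parsed': parsed, 'skipped': skipped,
            'seconds_to_first_probe': seconds,
            'probes_before_cert': probes_before_cert,
            'probes_by_ip': probes_by_ip, 'probe_paths': probe_paths}


if __name__ == '__main__':
    result = summarize(SAMPLE_LOG, CERT_ISSUED_AT)
    print(f"first probe {result['seconds_to_first_probe']}s after cert issuance")
    print("probes by source:", dict(result['probes_by_ip']))
    print("top probe paths:", result['probe_paths'].most_common(5))
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines and CERT_ISSUED_AT with the certificate's notBefore time; a non-zero probes_before_cert count on a host that had no DNS name yet is the signature of plain IPv4 sweeping rather than CT-log watching.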