On one of the wordpress sites I host I am noticing a lot of log entries where someone’s attempted to access a page on the site but their request contains an appended trailing slash and IP address
Happening multiple times per day.
Request will look something like this
[https://sitename.com/sitepage/47.128.55.36])The server throws a 404 at them every time
The IP address in the request is always in the 47.128.xxx.xxx range, which resolves to the AWS datacentre in Singapore (it’s an ec2 address).
Been searching extensively to find any reported instances of this or in fact any documentation at all, but can’t seem to find anything. Hence this.
I’m just blindly assuming it’s some sort of hack attempt. Requests are coming in from all over the world, I can’t discern any pattern to it.
Anyone else seen this?
Edit to add: Server = Ubuntu 20.04 with Apache, running W3counter (free edition)
[ad_2]