this post was submitted on 02 Feb 2025
1 points (100.0% liked)

General Discussion


No problems with nodebb, just an observation of so many people wasting their lives trying to hack others. Some have the potential to be highly skilled and well-paid folks but instead spend their time trying to hurt others.

I put a site online just to test a few things. It's not advertised or mentioned anywhere yet, but look at the stats. Lots of hits from bots, most presumably looking for WordPress sites. I just thought it was interesting and wanted to share.

979562de-957f-42c0-8f4b-28e2e7aba0c4-image.png

top 8 comments
[–] nodeham@community.nodebb.org 1 points 1 month ago (1 children)

One question. Are the dashboard logs derived from the web server logs or directly from the nodebb code? I assume directly.

[–] julian@community.nodebb.org 1 points 1 month ago

@NodeHam said in Script kiddies need lives:

> directly from the nodebb code

☝️

[–] julian@community.nodebb.org 1 points 1 month ago

@NodeHam are they script kiddies? It looks like you have a huge number of login attempts.

[–] nodeham@community.nodebb.org 1 points 1 month ago (1 children)

Yes but aren't those usually script kiddies? The number of unique visitors is only 202 while the login attempts are nearly 15K for yesterday alone.

[–] julian@community.nodebb.org 1 points 1 month ago

@NodeHam depends what needs to happen to increment the login counter. If they're just hitting the login endpoint it actually shouldn't count as a login...

[–] nodeham@community.nodebb.org 1 points 1 month ago (1 children)

Well, I wasn't posting looking for technical information but now you have me curious :).

Looking at the logs, they strongly suggest automated bot activity.

- Hits from Googlebot and other search crawlers
- WordPress vulnerability scanners
- Automated scanning tools like ZGrab

Are these triggering login attempts either by mistake or as part of their crawling process? Googlebot, for example, accesses various URLs, including login pages, and might cause login events.

Many of the requests are targeting /wp-admin/setup-config.php, /wordpress/wp-admin/setup-config.php, /xmlrpc.php, /wlwmanifest.xml, and similar WordPress-related URLs.

Since it's not a WP site, are these requests resulting in redirects or 301 responses, but getting counted in access logs that result in the dashboard stats?
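
An added example, not part of the original thread and not NodeBB's code: a small Python script that sorts web server access-log requests into the categories raised above (WordPress probe paths, scanner and crawler user agents, views of the login page versus credential submissions) and tallies them by HTTP status. The log lines, their status codes and the `/login` path are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (combined log format); not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2025:10:00:01 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Feb/2025:10:00:02 +0000] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Feb/2025:10:01:10 +0000] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Feb/2025:10:01:11 +0000] "GET /wlwmanifest.xml HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Feb/2025:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 zgrab/0.x"
192.0.2.80 - - [01/Feb/2025:10:03:00 +0000] "GET /login HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
192.0.2.90 - - [01/Feb/2025:10:04:00 +0000] "POST /login HTTP/1.1" 403 64 "-" "python-requests/2.31"
192.0.2.80 - - [01/Feb/2025:10:05:00 +0000] "GET /topic/1/hello HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
WP_MARKERS = ("wp-admin/", "xmlrpc.php", "wlwmanifest.xml")  # paths named in the thread
UA_LABELS = {"zgrab": "scanner", "googlebot": "crawler", "bingbot": "crawler"}
LOGIN_PATH = "/login"  # assumption: where the forum's login form lives


def classify(method, path, user_agent):
    """Return one label per request; the first matching rule wins."""
    path = path.split("?", 1)[0].lower()
    if any(marker in path for marker in WP_MARKERS):
        return "wordpress-probe"
    if path == LOGIN_PATH:
        # Only a POST submits credentials; a GET just renders the form.
        return "login-submit" if method == "POST" else "login-page-view"
    for needle, label in UA_LABELS.items():
        if needle in user_agent.lower():
            return label
    return "other"


def summarize(log_text):
    """Count requests by (label, HTTP status), skipping unparseable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            _ip, method, path, status, ua = m.groups()
            counts[(classify(method, path, ua), int(status))] += 1
    return counts


if __name__ == "__main__":
    for (label, status), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label:16} {status} {n}")
```

Comparing the `login-submit` count from the web server log with the dashboard's login figure shows whether the dashboard is counting something other than credential submissions.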

[–] julian@community.nodebb.org 1 points 1 month ago

@NodeHam yeah, I'm not sure. That's what's going to need looking into.

[–] nodeham@community.nodebb.org 1 points 1 month ago