From a site I’m the webmaster for, a list of requests that caused a 404 not found error:
In essence, this was an automated attack, as it happened all within a couple of minutes (the list goes on for a second and third page). Some script kiddie running a script that was trying to get some response from the assumed PHP that’s running the site. Requesting a whole bunch of PHP files, one after the other. In fact it’s probably four kiddies (unless it’s the same kiddie trying four times, because if you don’t succeed at first, of course you’ll get a different result the next time).
Just goes to show that if you are running WordPress – written in PHP – stay on top of all possible updates. Or go professional and basically pay someone else to do it. An example from last week: Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability.
Me, I run an ASP.NET blog engine. Originally it was GraffitiCMS, but since no changes have been done to the open source project in well over three years, I’ve been ripping out what I don’t use and been adding other functionality as and when needed.
Banner image cropped from: Hacking, by JGD JGD, on flickr.