This site is part of an experiment. It started as a test when I purchased a .dev domain and then realized I needed a cert for it. I documented that.
Next comes making things look interesting. My OG site is written by me, by hand, with my blogging code written by me. I’ve watched my wife set up WordPress after WordPress site on hosting accounts, and now that I am running my own test server I figured I would give it a go too.
After a few permissions issues I got things rolling and this site is up. Right now it’s nothing special. Just another place for me to play around and test things.
I see, though, that I am not the only one testing it out.
127.0.0.1:80 188.8.131.52 - - [13/Mar/2019:09:33:04 -0500] "GET /mysql/admin/index.php HTTP/1.1" 404 517 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko
127.0.0.1:80 184.108.40.206 - - [13/Mar/2019:09:33:05 -0500] "GET /mysql/dbadmin/index.php HTTP/1.1" 404 519 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gec
127.0.0.1:80 220.127.116.11 - - [13/Mar/2019:09:33:05 -0500] "GET /mysql/sqlmanager/index.php HTTP/1.1" 404 522 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0)
127.0.0.1:80 18.104.22.168 - - [13/Mar/2019:09:33:06 -0500] "GET /mysql/mysqlmanager/index.php HTTP/1.1" 404 524 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
To verify I am not that crazy I checked my User-Agent String.
A quick look at the log snippet above also shows that more than one agent was coming to the site, and that they were all getting 404 errors, so it wasn’t me setting off all the logs.
There are people and bots out there that want in. I know this. It’s a reality just like someone out there has my personal info and I didn’t give it to them. The sheer size and scope of the reach out is scary and exciting at the same time.
As a security worker it’s exciting to see what people are looking for.
As a person who just wants to put up a blog, it’s really scary knowing that a blog, up for less than 24 hours, is a target. Here is just the tail end of a Metasploit search for WordPress:
What can I do?
I can keep up-to-date on WordPress releases, load as few plugins as needed to make my site work. I use SSL. I use Cloudflare. I like to think I have my server locked down rather well. I can make sure funny things aren’t happening. I can check it regularly using WPScan. As of today, it’s not lighting up with any big holes I can’t fix.
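One way to check that funny things aren't happening, as an added example that is not code from this site: a Python pass over the access log that groups 404 probes for database-admin paths per minute across all clients, since in the snippet above every request came from a different address and a per-IP counter would never trip. The probe-path list, the one-minute window and the `min_hits` threshold are assumptions; the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout shown in the post: vhost:port client - - [time] "request" status size ...
# Referer and User-Agent are not matched, so cut-off lines still parse.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumed heuristic: path segments typical of database-admin panel probes.
PROBE_RE = re.compile(
    r'/(mysql|phpmyadmin|pma|dbadmin|sqlmanager|mysqlmanager)(/|$)', re.I)

# First four lines are copied from the post (cut off as they are there);
# the last two are constructed benign traffic.
SAMPLE = r'''
127.0.0.1:80 188.8.131.52 - - [13/Mar/2019:09:33:04 -0500] "GET /mysql/admin/index.php HTTP/1.1" 404 517 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko
127.0.0.1:80 184.108.40.206 - - [13/Mar/2019:09:33:05 -0500] "GET /mysql/dbadmin/index.php HTTP/1.1" 404 519 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gec
127.0.0.1:80 220.127.116.11 - - [13/Mar/2019:09:33:05 -0500] "GET /mysql/sqlmanager/index.php HTTP/1.1" 404 522 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0)
127.0.0.1:80 18.104.22.168 - - [13/Mar/2019:09:33:06 -0500] "GET /mysql/mysqlmanager/index.php HTTP/1.1" 404 524 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1:80 203.0.113.7 - - [13/Mar/2019:09:34:10 -0500] "GET / HTTP/1.1" 200 5120 "-" "constructed-agent"
127.0.0.1:80 203.0.113.7 - - [13/Mar/2019:09:34:11 -0500] "GET /favicon.ico HTTP/1.1" 404 498 "-" "constructed-agent"
'''

def parse(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_probe_bursts(lines, min_hits=3):
    """Report vhost/minute buckets with >= min_hits 404 admin-panel probes."""
    buckets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["status"] == 404 and PROBE_RE.search(rec["path"]):
            buckets[(rec["vhost"], rec["time"].replace(second=0))].append(rec)
    bursts = []
    for (vhost, minute), recs in sorted(buckets.items()):
        if len(recs) >= min_hits:
            bursts.append({"vhost": vhost, "minute": minute.isoformat(),
                           "hits": len(recs),
                           "clients": sorted({r["client"] for r in recs}),
                           "paths": [r["path"] for r in recs]})
    return bursts

if __name__ == "__main__":
    for burst in find_probe_bursts(SAMPLE.splitlines()):
        print(burst)
```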
What to think?
I think at the moment I am happy I am running my own site on my own server. While there is a bit more work involved, I am not beholden to a hosting service and when they can update. I am not lulled into the thought that since someone else is hosting it, it will be okay. And now, I am another target while people and bots are testing the site.