CODEWITHSUNDEEP
wordpresshttp
Jules Hummelink
Jules Hummelink

Reputation: 664

Someone made some wp wlwmanifest.xml http requests, but why?

A curious question this time. Someone just made the following HTTP requests to my server:

127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //xmlrpc.php?rsd HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET / HTTP/1.0" 200 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:00] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //website/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //news/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //2018/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //media/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:01] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:02] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -
127.0.0.1 - - [02/Jun/2021 15:28:02] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.0" 404 -

Anyone any idea why someone would try this. I know it has something to do with WordPress (that I don't use/have installed anyway) But I still wonder why someone would try to make these requests.

Thx a lot, Jules

P.S. The server says it comes from localhost but that is because it goes through Nginx

Upvotes: 46

Views: 32898

Answers (1)

SEOAlexRamon
SEOAlexRamon

Reputation: 416

This is commonplace. Today more than 40% of the world's internet traffic are bots and 25% are malicious bots. They are just bots that are constantly looking for possible security flaws in as many indexed domains as possible in order to compromise the site. There are tools that can help you detect these requests and take action. For example fail2ban.

Upvotes: 29

Related Questions