dylan604 7 hours ago

Every time I venture into the web server's error log, I see all of the skiddie's attempts at accessing the most common things with most of them being .php files. Lots of /wp/admin.php and /phpadmin/ type requests. Of course, none of those are available which is why the requests are in the error log. I've never paid attention, but I wonder how long (as in how little time) for a new server to come online before it starts to get probed by a skiddie. Whether they are just war dialing IPs or paying attention to new domain announcements but I'd put it on a few hours tops.

hamburglar 6 hours ago | parent | next [-]

Dismissing these as script kiddie attempts is no longer correct. This is a real industry now. It’s not like the large scale actors are going to pass up a valid unpatched vector just because it’s old hat.

dylan604 6 hours ago | parent [-]

yes, but how often otherwise would i get to use the word skiddie?

rstupek 5 hours ago | parent | prev | next [-]

If you get a letsencrypt certificate it will get probed within a minute

jmb99 an hour ago | parent [-]

I’ve tested this recently (this past week). Had a dns entry up and pointing to an nginx server for ~12 hours, zero requests. 17 seconds after the letsencrypt cert was issued, the floodgates opened. Over a dozen requests per second.

walrus01 41 minutes ago | parent [-]

I don't think it's necessarily specific to LE but rather to public certificate transparency logs. LE being free and easy to automate means it's very widely used these days, but if you theoretically go to a "pay" root CA and get a cert that covers thing.com and www.thing.com, the same probing will happen on the same time scale.

doublerabbit 4 hours ago | parent | prev [-]

22 minutes. I got my new ISP with fibre. Placed my web server online. 22 minutes my honey pot got stung.
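
Added example, not part of any comment in the thread: one way to measure on your own server what the commenters describe, namely the delay between certificate issuance and the first request, the peak request rate, and how many requests are 404s for the `.php`, `/wp/` and `/phpadmin/` paths mentioned above. It assumes nginx's default "combined" access-log format; the log lines, addresses and issuance time are constructed sample data.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes ...
# Malformed request lines (common from scanners) do not match and are skipped.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Probe paths of the kind named in the thread (assumed pattern, extend as needed).
PROBE_RE = re.compile(r'\.php(\?|$)|^/wp/|^/phpadmin/', re.I)

def probe_report(lines, cert_issued_at):
    """Summarise requests logged at or after the certificate issuance time."""
    per_second, sources = Counter(), set()
    first_seen, probe_404s = None, 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts < cert_issued_at:
            continue  # traffic from before the hostname appeared in a CT log
        first_seen = ts if first_seen is None else min(first_seen, ts)
        per_second[ts] += 1          # log timestamps have one-second resolution
        sources.add(m["ip"])
        if m["status"] == "404" and PROBE_RE.search(m["path"]):
            probe_404s += 1
    if first_seen is None:
        return None
    return {
        "seconds_to_first_request": (first_seen - cert_issued_at).total_seconds(),
        "peak_requests_per_second": max(per_second.values()),
        "probe_404s": probe_404s,
        "distinct_sources": len(sources),
    }

# Constructed sample: documentation-range IPs, made-up timestamps.
CERT_ISSUED_AT = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = '''\
192.0.2.1 - - [01/Jan/2024:11:59:00 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
198.51.100.7 - - [01/Jan/2024:12:00:17 +0000] "GET /wp/admin.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [01/Jan/2024:12:00:17 +0000] "GET /phpadmin/ HTTP/1.1" 404 153 "-" "-"
203.0.113.9 - - [01/Jan/2024:12:00:18 +0000] "GET /index.php?x=1 HTTP/1.1" 404 153 "-" "-"
192.0.2.44 - - [01/Jan/2024:12:00:18 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
not a log line
'''.splitlines()

if __name__ == "__main__":
    print(probe_report(SAMPLE_LOG, CERT_ISSUED_AT))
```

On a real host, take the issuance time from the certificate's `notBefore` field or your ACME client's log and feed the function the access log for that day.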