this is not a blog

I Reckon This Must be the Place, I Reckon

Some Robots have behavioral issues; some Robots suck.

About Bots

Here is a text file summary of some of the many Bots seen in the last few months:

Robots List.

See, also logs for these very annoying Bots:

the "Hello World" Bot.
Linux Gnu Cow

And, Wordpress Plugins with known exploits:

"it's capitol P dang it!"

Oh, all the seemingly random (though they ain't) POSTs to one's domain? Wow! Just wow:


Ah, and the "dotenv"... thing:

That DOTENV Thing

WTF is wlwmanifest.xml?

WTF is wlwmanifest.xml and why do Bots keep looking for it? For example, this happens dozens of times a month and this is from one IP:


Let's take a look at it, shall we?


So that's why! The fucking Admin shit!

When is Wordpress going to grow up and add some basic security measures!

You read that right! Basic Security Measures!


WTF No. 87

Yet another program access – effing Go (golang) and that effing Git...

    - - [17/Nov/2021:04:32:57] "GET /.git/config HTTP/1.1" 404 - "-" "Go-http-client/1.1"

WTF is wrong with these people?

Yah gahtta be kidding me! All "config" file shtuff is protected by a Web Host's WAF (Web Application Firewall; like "Mod Security" – what I call the new "Magic Quotes"... more on that later).

Like, Bots trying to read .env – futile (if the hosting company knows its shit).

Related to WTF is wlwmanifest.xml?

Looking at not just what a Bad bot does but why a Bot does what it does...

This case, it's xmlrpc.php – part of Wordpress, and it (with path variations) is constantly being POSTed to.

So here's what I did.

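    <?php
    # /xmlrpc.php
    # Log each hit (date, User-Agent, POST fields), then answer 403.
    $fd = fopen('xmlrpc.log', 'a');
    if ($fd) {
        $out = print_r($_POST, true);
        $d = date(DATE_RFC822);
        fwrite($fd, $d . "\n" . ($_SERVER['HTTP_USER_AGENT'] ?? '-') . "\n" . $out);
        fclose($fd);
    }
    header('HTTP/1.1 403 Forbidden');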

Be back with data...


Got the first two hits:

    Wed, 24 Nov 21 12:46:34 -0700
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36
    Wed, 24 Nov 21 18:04:07 -0700
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36

That's it? Crap, now I gotta look into what xmlrpc.php does and what it returns... Fuck... Just fix yer shit, Wordpress!

Update: December, 1

While the Wordpress xmlrpc.php is small, the Wordpress "XML-RPC protocol support" is 7,000 lines long, and that's just the file with the constructor! Not something I want to wallow in for any prolonged amount of time...
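
Added example, not the page author's code: PHP only fills `$_POST` for form-encoded bodies, and XML-RPC clients send the call as raw XML, so a logger that wants to record what each request asked for has to read `php://input`. `LOG_PATH`, `MAX_BODY` and the two function names are assumptions made for this sketch, and the sample body is constructed.

```php
<?php
// Added example, not the page author's code. LOG_PATH and MAX_BODY are
// assumed names/values; the log is kept outside the web root on purpose.
const LOG_PATH = __DIR__ . '/../logs/xmlrpc.log';
const MAX_BODY = 65536; // inspect at most this many bytes of the body

// Count the method names in a raw XML-RPC body with regexes, so no XML
// parser runs on hostile input. Names can also be nested as struct members
// called "methodName" when several calls are batched into one request.
function xmlrpc_method_names(string $body): array
{
    $names = [];
    if (preg_match_all('~<methodName>\s*([\w.]{1,64})\s*</methodName>~', $body, $m)) {
        $names = $m[1];
    }
    $nested = '~<name>\s*methodName\s*</name>\s*<value>\s*(?:<string>)?\s*([\w.]{1,64})~';
    if (preg_match_all($nested, $body, $m)) {
        $names = array_merge($names, $m[1]);
    }
    return array_count_values($names);
}

// One JSON line per request. json_encode escapes control characters, so a
// request cannot forge extra log lines.
function xmlrpc_log_line(array $server, string $body): string
{
    return json_encode([
        'time'    => date(DATE_RFC822),
        'ip'      => $server['REMOTE_ADDR'] ?? '-',
        'type'    => $server['CONTENT_TYPE'] ?? '-',
        'bytes'   => strlen($body),
        'methods' => xmlrpc_method_names($body),
        'ua'      => $server['HTTP_USER_AGENT'] ?? '-',
    ], JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_SLASHES) . "\n";
}

if (PHP_SAPI !== 'cli') {
    // $_POST stays empty for text/xml bodies, so read the raw request.
    $body = (string) file_get_contents('php://input', false, null, 0, MAX_BODY);
    file_put_contents(LOG_PATH, xmlrpc_log_line($_SERVER, $body), FILE_APPEND | LOCK_EX);
    header('HTTP/1.1 403 Forbidden');
} else {
    // Constructed sample body for trying the parser from the command line.
    $sample = '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params/></methodCall>';
    echo xmlrpc_log_line(['HTTP_USER_AGENT' => 'sample'], $sample);
}
```

Run from a shell with `php`, it prints the log line for the constructed sample; served by the web server, it appends one line per request and answers 403.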