Question

I've got a 404 monitor set up and I've been redirecting all hits to appropriate pages (usually just the homepage). Some of these are weird queries such as . env or phpunit. xml. Should I be redirecting these? Or am I potentially screwing with a plugin or some other important function? My primary concern was that it is hacking attempts but I honestly don't yet know enough about this.  

Answer 1

Those are usually probe queries coming from botnets looking for potential scripts to compromise. They could also be exploratory queries used by researchers or people looking to create a group of Websites for future contact based on mutual interests.  

Comments

"How do you know this, Michael? " In the first case it's been the pattern that there are follow up probes when they detect a script they might be able to exploit. The first probe flags the detected URLs in a database somewhere and a second app comes along - 1-2 weeks later, maybe - and tries to break in. I saw that in server log file analyses many times. In the second case, I've read a lot of research papers where the researchers said something like, "We ran a crawler on the Web looking for files of type [X] . " And in the last case I've seen a few discussions in marketing groups where people said "you should crawl sites looking for files of type [X] because those people are using the software you're interested in. " Of course, there could be a bajillion other reasons why people do this stuff but those are the three reasons I keep encountering after 20+ years.