Maintaining a website is not too difficult, but it does benefit from some periodic cleanup. Occasionally, I make a typo and other times I mangle a link. No matter what the problem, it is a bother to anybody who visits the site. Therefore, I watch the error logs and make an effort to find a fix.
Recently, I noticed that somebody, probably a bot, is trying to take control of the site by doing a login. It isn’t the first time, but it is the first time I’ve decided to to write notes about it.
There are unscrupulous people out there. Some of them write software to cruise the Internet for sites where they can plant malware to spread it more widely. In geek terms, they want to “pwn” the site. They want to “OWN” it. I don’t want them to succeed, but I dislike the 404 errors.
The logs recently showed that “someone” has tried to access a folder called “login” 59 times, 2 times just this week. Up until today, that folder has not existed, which caused the webserver software to generate the error, affectionately known as a “404 – File not found” error. I am not happy when my typos have caused a useful file to not work, especially when somebody wants to access my 3D printing stuff. I’m equally unhappy that the creeps want to capture my site.
My solution for a typo is easy. I fix it. A broken link, also easy if the file is mislabeled on my site.
For the missing login folder, the solution was to make one, and to fill it with a couple of files designed to waste the time of a bot, or to inform a visiting human of the reason they won’t get in by this pathway.
You are welcome to go see the new pages and try to log in yourself. No matter what you enter into the form, the same message comes up again and again.
Just in case you want to see it, I’ve also created a custom 404 error page. I think that it is better to make the missing file give more back than just a numbered error. I recommend everybody with a website set up one of their own.