I recently decided to take a look at the HTTP requests I was getting. Well, at least those that returned a 404. You can take a look at it here. Not surprisingly, the most common attacks were at the most commonly used web applications such as phpMyAdmin, along with random stabs in the dark at specific certain URLs, e.g. /manager, /admin. I’ll probably step up my log monitoring from now on.
The file was generated by the following command in my lighttpd log file directory:
zgrep " 404 " * | grep -v robots.txt | cut -d" " -f7 | sort | uniq -c | sort -r > /root/404.txt