I’ve run WordPress sites before at small scales, but usually this was through a hosting provider or a small experimental setup. This particular server runs on a budget VPS. After taking time to carefully craft a functional Privacy Policy and Terms of Service (which you should totally read carefully by the way!), I began to comply with that policy while auditing server connections to ensure that the server is working properly.
What I discovered was akin to the Cosmic Microwave Background: the background radiation of the Internet.
The most welcome and courteous guests are the official web crawlers: Google Spider, ClaudeBot, AppleBot, and so on that perform a useful (semi)-public service by ingesting the openly-accessible web and regurgitating the information elsewhere in a way that is more accessible for humans. The suit-bots introduce themselves–politely and clearly–even handing over their figurative business cards with clear policies and even contact information for concerned webmasters administrators. These bots are well-behaved, generally showing respect for my robots.txt and my limited system resources. The idealized relationship is mutually-beneficial.
Aside: webmaster I’m told shows my age. It comes from the 1990s and early 2000s when it was more common for websites to be owned and operated by a single “tech wizard.” Much of my millennial cohort still uses the term. Long past the days of Myspace and Angelfire, everything became more commercialized and developed, and so the occupation has largely fragmented along lines of service responsibility.
But, there are also demons that wander these digital halls. The image above shows a bot trying credentials against my admin page. This brute-force method that it’s using will never work because the user must either have a Google Account or pass a Google Enterprise reCAPTCHA, and afterwards, additional security measures are in force to provide visibility and to protect the server operations. This eternal background of Internet radiation continuously probes for weaknesses and consumes a steady trickle of system resources to answer for pages that don’t exist, POST requests.
Other bots are less like mindless insects and are instead more carefully targeted with knowledge of a specific vulnerability, like trained assassins, probing for exactly one bug and if the bug is not present, they move on to the next potential target. I see queries for non-existent plugins and tests for sensitive configuration files that don’t exist on this server, for example.
Still, others are masked strangers. They walk the site, clicking on links and searching through the tags and archives, browsing with no name and intentions unclear beyond their autonomous nature. I have no way of knowing their objectives. Perhaps, they are smaller search engines a little wet behind the ears that haven’t yet put on their suit and tie, or maybe these strangers are content scrapers burgling copies of my work (that they could have simply borrowed it for any lawful purpose under the very permissive terms of my Creative Commons license). Maybe they’re staging for a future assault. Who knows.
What I do know is the Internet background radiation will never cease so long as there are vulnerable services to exploit. I will do my best to prevent this site from joining the zombie hordes.
Leave a Reply