Dismissing these as script kiddie attempts is no longer correct. This is a real industry now. It’s not like the large scale actors are going to pass up a valid unpatched vector just because it’s old hat.
replyThey're skiddies if they're trying WordPress attacks on domains that have never hosted anything remotely close to a CMS before...
replyyes, but how often otherwise would i get to use the word skiddie?
replyIf you get a letsencrypt certificate it will get probed within a minute
replyI’ve tested this recently (this post week). Had a dns entry up and pointing to an nginx server for ~12 hours, zero requests. 17 seconds after the letsencrypt cert was issued, the floodgates opened. Over a dozen of requests per second.
replyI don't think it's necessarily specific to LE but rather to public certificate transparency logs. LE being free and easy to automate means it's very widely used these days, but if you theoretically go to a "pay" root CA and get a cert that covers thing.com and www.thing.com , the same probing will happen on the same time scale.
reply22 minutes. I got my new ISP with fibre. Placed my web server online. 22 minutes my honey pot got stung.
reply