|What's a random-spelled filename request mean?|
Why do robots request bizarre random file names?
| 2:39 am on Mar 24, 2012 (gmt 0)|
Three requests, in the same second:
Those robot requests make no sense to me. They looked like random letters. But I notice the file name begins "xml"
Are these in fact known names of vulnerable files in a specific application?
They got 403, but not sure why. Perhaps by IP ban because of a prior visit caught with suspicious activity. Like a request for admin, or login, or register, or upload, or etc. etc.
Meanwhile, as a separate question. If a filename seems to be just random letters, should I assume they are not in fact random (a real target somewhere) or what would be the purpose of a random file name request?
| 4:00 am on Mar 24, 2012 (gmt 0)|
That's a standard hack attack looking for a page that tends to be vulnerable.
| 5:36 am on Mar 24, 2012 (gmt 0)|
This particular case, asking for xmlrpc.php, as incrediBILL mentions is an attempt to attack.
The different entry points (directory names) are typically just testing for sub-directories where you might have installed something instead of in root.
When you see totally random names from for example GoogleBot, where they ask for an html file with a name that is made up (such as 'gwekhrtipoiiybveee.html' or something), they are merely checking that your site knows how to return a correct code 404 (Not found). That you do not merely catch unknowns, and redirect, returning 200 instead. Such as with a site search for example.
Google for obvious reasons do not like it when sites return 200 (OK) for everything.
I have some sites, where I redirect users into a nice custom message with a product search if they try to hit an old URL, but I still return an official 404, just to make sure Google can do its cleanup.
| 10:40 am on Mar 24, 2012 (gmt 0)|
Also, sometimes the ending file (.js, .pl, .php or .txt) is appended to the GET request as a hack.