Over the weekend some bored person hacked one of the sites I look after.
Going through the log, I found seven minutes of attempts to guess the admin panel directory. In those seven minutes, 433 candidate names were tried. Since nothing even remotely suitable turned up among them, the bored person decided to clean out the database through the search form.
commoncgi, ControlManager, CVS, .cobalt, NonExistant1809141272, AdminWeb, Administration, AdvWebAdmin, Mail, Install, News, PDG_Cart, README, Readme, Stats, StoreDB, ToDo, WebCalendar, WebTrend, _backup, _errors, _passwords, _scripts, _vti_bin, _vti_log, _vti_pvt, _vti_shm, login.htm, _vti_txt, account, accounting, adm, admin, admin-bak, admin-old, admin.back, admin_, administration, adminweb, analog, archive, archives, asp, auth, backups, cbi-bin, ccard, ccards, cd-cgi, cfide, cgi, cgi, cgi-auth, cgi-bin, cgi-bin2, cgi-lib, cgi-local, cgi-scripts, cgi-shl, cgi-shop, cgi-sys, cgibin, cgilib, cgis, cgiscripts, cgiwin, class, classes, config, credit, database, databases, datafiles, db, dbase, demo, demos, devel, doc, document, documents, download, downloads, email, hlstats, htdocs, iisadmin, iissamples, includes, include, incoming, intranet, log, login, logon, logs, lost+found, mysql_admin, old, oldfiles, oracle, passwords, payments, support, payment, private, protected, secret, secure, siteadmin, sites, stat, sslkeys, statistics, stats, stats_old, sysadmin, test, testing, tests, tmp, userdb, users, ustats, web_usage, webaccess, webalizer, webstats, webtrends, wstats, wwwstat, ~admin, ~stats, 1, 10, 3, 5, 6, 7, 8, 9, Album, CS, CVS, DocuColor, GXApp, HB, HBTemplates, IBMWebAS, JBookIt, Log, Msword, ROADS, SilverStream, Templates, WebBank, WebDB, Web_store, WebShop, XSL, _derived, _ScriptLibrary, _fpclass, _mem_bin, _notes, _objects, _pages, a, accesswatch, acciones, activex, admentor, agentes, anthill, app, applets, application, applications, apps, ar, atc, aw, ayuda, b, b2-include, back, backend, banca, banco, banner, banner01, banners, batch, bb-dnbd, bdata, bdatos, billpay, bin, boot, boadmin, bug, bugs, bugzilla, buy, buynow, cache-stats, card, cards, cart, cash, caspsamp, catalog, cd, cdrom, ce_html, cert, certificado, certificate, cfappman, cfdocs, cliente, clientes, cm, cmsample, cobalt-images, code, comments, common, communicator, compras, conecta, conf, 
connect, console, controlpanel, core, corp, cron, crons, crypto, csr, css, cuenta, cuentas, currency, cvsweb, cybercash, d, darkportal, data, dcforum, ddrint, demoauct, demomall, design, development, dl, dm, dms0, dmsdump, doc-html, docs1, docs, durep, e, easylog, eforum, ejemplos, emailclass, empoyees, empris, envia, enviamail, error, errors, es, examples, exc, excel, exchange, exe, external, f, fbsd, fcgi-bin, files, foldoc, form, forms, form-totaller, forum, forums, foto, fotos, fpadmin, fpdb, fpsample, framesets, g, gfx, global, grocery, guest, guestbook, helpdesk, hide, hit_tracker, hitmatic, home, hostingcontroller, ht, html, hyperstat, ibank, ibill, icons, icons, idea, ideas, image, imagenes, imagery, images, img, imp, import, impreso, inc, info, information, ingresa, ingreso, internal, inventory, invitado, isapi, japidoc, java, javasdk, jave, jdbc, job, jrun, js, jserv, jslib, jsp, labs, lcgi, lib, libraries, libro, links, linux, loader, logfile, logfiles, logg, logging, mail_log_files, makefile, manage, manual, marketing, members, message, messaging, metacart, mkstats, movimientos, mqseries, msql, mysql, ncadmin, nchelp, ncsample, netbasic, netcat, netscape, netshare, nettracker, new, nextgeneration, nl, objects, odbc, oprocmgr-service, oprocmgr-status, oradata, order, orders, outgoing, owners, pages, pccsmysqladm, personal, phorum, php, phpBB, phpMyAdmin, phpPhotoAlbum, phpSecurePages, php_classes, phpnuke, phpprojekt, piranha, pls, poll, postgres, printers, priv, privado, prod, public, publica, publico, purchase, purchases, pw, random_banner, rdp, register, registered, reports, reseller, restricted, reviews, root, rsrc, sales, save, script, scripts.
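An added example, not part of the original post: a sliding-window check that flags the kind of burst described above (one client requesting many different non-existent directories within a few minutes) in a web access log. The Combined Log Format, the 404 response to each probe, the threshold of 10 distinct paths, and the sample addresses and timestamps are assumptions; the sample log is constructed, using names from the list above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format prefix: ip - - [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_dir_scans(lines, window=timedelta(minutes=7), min_distinct=10):
    """Map client IP -> largest number of distinct missing top-level paths it
    requested inside one sliding window. Lines must be in time order."""
    recent = defaultdict(deque)          # ip -> (timestamp, first path segment)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":    # assumption: probes answer 404
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        segment = m["path"].split("?", 1)[0].strip("/").split("/", 1)[0]
        q = recent[m["ip"]]
        q.append((ts, segment))
        while ts - q[0][0] > window:         # drop requests older than the window
            q.popleft()
        distinct = len({s for _, s in q})
        if distinct >= min_distinct:
            flagged[m["ip"]] = max(distinct, flagged.get(m["ip"], 0))
    return flagged

def sample_log():
    """Constructed log: one client walking names from the post's list at one
    request per second, plus an ordinary visitor with two stray 404s."""
    names = ["commoncgi", "ControlManager", "CVS", ".cobalt", "AdminWeb",
             "Administration", "_backup", "_passwords", "_vti_bin", "admin",
             "admin-bak", "admin-old", "cgi-bin2", "phpMyAdmin", "siteadmin"]
    start = datetime(2024, 1, 6, 3, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 512 "-" "-"'
    at = lambda s: (start + timedelta(seconds=s)).strftime(TS_FMT)
    log = [row.format("203.0.113.7", at(i), f"/{n}/", 404)
           for i, n in enumerate(names)]
    log += [row.format("198.51.100.20", at(5), "/index.html", 200),
            row.format("198.51.100.20", at(6), "/favicon.ico", 404),
            row.format("198.51.100.20", at(9), "/robots.txt", 404)]
    return log

if __name__ == "__main__":
    for ip, count in find_dir_scans(sample_log()).items():
        print(f"{ip}: {count} distinct missing paths within the window")
```

Counting distinct paths rather than raw 404s keeps a visitor who repeatedly hits one broken link from being flagged.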