somebody is trying to hack your site while you're sleeping

Fri Dec 02 2005 12:06:22 GMT+0000 (Greenwich Mean Time)

I have been finding LOTS of hacking attempts on several sites I manage. Each time I look at the server error log I can find entries like these ones:

[Tue Nov 29 00:47:32 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/xmlrpc
[Tue Nov 29 00:47:37 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/xmlsrv
[Tue Nov 29 00:47:43 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/services
[Tue Nov 29 00:47:48 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/blog
[Tue Nov 29 00:47:53 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/drupal
[Tue Nov 29 00:47:58 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/community
[Tue Nov 29 00:48:03 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/blogs
[Tue Nov 29 00:48:08 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/blogs
[Tue Nov 29 00:48:14 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/blog
[Tue Nov 29 00:48:19 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/blogtest
[Tue Nov 29 00:48:24 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/b2
[Tue Nov 29 00:48:29 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/b2evo
[Tue Nov 29 00:48:34 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/wordpress
[Tue Nov 29 00:48:39 2005] [error] [client 209.128.104.183] File does not exist: C:/Webroot/phpgroupware

I presume that the purpose of these little lamer script kiddies-hackers wannabe is to be able to enter a site through one of the xml-rpc interfaces that many web applications make available to be able to interact with other applications (via pings and so on), and then put an stupid message like "7H15 5173 |-|/\5 b€€|/| D3F/\C3D" (aka "This site has been defaced").

Well, guys, that's simply silly. Why don't you try and learn how to code something useful instead of using pre-made scripts to hack a site, or even better, stick your finger where you know and never put it out again!

And by the way, can somebody explain me if it corresponds to a new zombie-machines-exploiter virus? or is it just a brigade of bored teenagers?