small adjustments

Wouter Groeneveld 2021-03-29 20:22:39 +02:00
parent cc83118927
commit 01100eb155
1 changed files with 9 additions and 1 deletions


@ -24,7 +24,15 @@ Wodpress-enabled sites are _very_ easy to spot: just look for `wp-` anything in
I mean, really? `<?php>die(@md5(HelloThinkCMF))</php>`? Are servers that badly managed that any GET parameter is dynamically evaluated on the server?
You might notice a repeating pattern in the above log: when setting up the new server (the previous one [got up in flames](/post/2021/03/always-have-a-disaster-recovery-plan/) a couple of weeks ago), I forgot to add the classic 404 page - which results in an error entry in the nginx log. To be honest, I never check those logs. I happened to be looking for something else and got curious.
Other `GET` attempts included trying to reach:
- `/phpMyAdmin/scripts/setup.php`
- `index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`
- `/?XDEBUG_SESSION_START=phpstorm HTTP/1.1`
Be sure to follow the "**hardening my instance**" installation instructions on your PHP engine (Such as [Wordpress's documentation](https://wordpress.org/support/article/hardening-wordpress/)) - it seems that you'll need it.
Furthermore, you might notice a repeating pattern in the above log: when setting up the new server (the previous one [got up in flames](/post/2021/03/always-have-a-disaster-recovery-plan/) a couple of weeks ago), I forgot to add the classic 404 page - which results in an error entry in the nginx log. To be honest, I never check those logs. I happened to be looking for something else and got curious.
Now, what to do? Well, nothing. Smile. It's all static. Still, it's very sad to see these pathetic attempts, and it makes me angry because years ago, a Wordpress site of mine _was_ effectively hacked because I did not upgrade the instance in due time. If those guys are any good at coding, their skills could have been used for good instead of bullying people.
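Review bot: the three list items under "Other `GET` attempts included trying to reach:" are not written to the same convention, which makes them harder to compare: the first is an absolute path (`/phpMyAdmin/scripts/setup.php`), the second (`index.php?s=/Index/\think\app/...`) has no leading slash, and the third (`/?XDEBUG_SESSION_START=phpstorm HTTP/1.1`) still carries the ` HTTP/1.1` protocol token from the nginx request line, which is not part of the requested path. Suggest trimming all three to the bare request path, e.g. `/index.php?s=...` and `/?XDEBUG_SESSION_START=phpstorm`. Also, the "Furthermore, you might notice a repeating pattern in the above log: ..." paragraph added at the end of the hunk is word-for-word the paragraph that sits under the `<?php>die(@md5(HelloThinkCMF))</php>` line at the top of the hunk; if that upper copy is the removed line, this is just a move and is fine, otherwise the post now says the same thing twice and one copy should go. Minor: the project name is spelled "Wordpress" in the hunk and "Wodpress" in the hunk's context line; the vendor writes it "WordPress".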