If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...


Fail2ban Blocks Suspicious Activity

Started by SteveD, Aug 24, 2024, 12:05 AM


SteveD (Topic starter)

hey there,

there's some bad people (found by their IP address) that are trying to access the technical folders on my site, but they're getting errored out (it all shows up in error.log). Don't know why they're doing it though, there ain't no index.php there:

AH01276: cant serve directory /var/www/babai/data/www/www.babai.ru/bitrix/js/: no matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive

I'm blocking them with fail2ban, but I'm just curious: what's the method of attack they're using? Is it some kind of brute force or what?


Ravina123

The error you're seeing in the log, that AH01276 one, is telling you that someone's trying to access a directory on your site, specifically /bitrix/js/, but they aren't finding an index.php file or any other default file that would normally load when you visit a directory in a browser.

So, what's actually happening here? Well, the bad guys are probably just looking for vulnerabilities. Here's a breakdown of what they might be up to:

Directory Traversal: They're hoping to find directories that might expose files or data that shouldn't be visible. If there was an index.php or similar file in that directory, it would usually load by default. But since your server's configured not to show directory listings (which is good!), they're getting blocked and your server logs that attempt.

Reconnaissance: This could be part of a larger recon mission. They're trying to gather info about the structure of your site. Knowing that you're using Bitrix (based on the directory name) could give them clues about what kind of vulnerabilities to target.

Brute Forcing Directory Access: They might be brute forcing not just passwords but also trying to discover hidden directories or files by guessing common names. It's not really a brute force attack in the traditional sense, like guessing passwords, but more about guessing paths and files that might exist.

Checking for Misconfigurations: Sometimes, attackers look for misconfigured servers where directory listings might be enabled or where they can access files directly. By poking around, they're hoping to find a slip-up, like an exposed config file or backup.

Script Kiddies: To be honest, it might just be some script kiddies running automated tools that blindly hit common paths. They don't always know what they're doing but are hoping to get lucky.

You're already blocking them with fail2ban, which is great! It'll help keep these nosy folks out. But it's also a good idea to check your server config, make sure no unnecessary directories are accessible, and keep your software up to date to prevent any real vulnerabilities from being exploited.

If you want to be extra careful, consider adding some extra rules in your web server config (like .htaccess if you're using Apache) to further lock down directories like /bitrix/js/, especially if they don't need to be accessed directly by anyone.
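As an added example (not from this thread and not fail2ban's own code), here is a small Python detector that applies the fail2ban-style maxretry/findtime rule to the AH01276 lines discussed above: it parses Apache error.log entries, counts directory probes per client IP inside a sliding time window, and returns the IPs worth banning together with the paths they touched. The sample log lines, the TEST-NET addresses and the /var/www/site paths are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Apache 2.4 error_log line from mod_autoindex (the AH01276 message quoted above).
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[autoindex:error\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH01276: Cannot serve directory "
    r"(?P<path>\S+): No matching DirectoryIndex"
)

def parse_line(line):
    """Return (timestamp, client_ip, path) for an AH01276 line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y")
    return ts, m.group("ip"), m.group("path")

def find_scanners(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Fail2ban-style rule: flag an IP with >= maxretry hits inside a findtime window."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:                       # skip non-AH01276 lines entirely
            ts, ip, path = parsed
            hits[ip].append((ts, path))
    flagged = {}
    for ip, events in hits.items():
        events.sort()                    # oldest first; slide a window over them
        for i, (start, _) in enumerate(events):
            window = [p for t, p in events[i:] if t - start <= findtime]
            if len(window) >= maxretry:
                flagged[ip] = window     # the paths probed inside the window
                break
    return flagged

def _line(ts, ip, path):
    """Build a constructed sample line with the exact wording of the real message."""
    return (f"[{ts}] [autoindex:error] [pid 4242] [client {ip}:51000] AH01276: "
            f"Cannot serve directory {path}: No matching DirectoryIndex (index.php) found, "
            "and server-generated directory index forbidden by Options directive")

# Constructed sample: 203.0.113.5 probes three directories in four seconds (a scanner),
# 198.51.100.7 hits one directory once (e.g. a stray link), plus one unrelated line.
SAMPLE_LOG = [
    _line("Sat Aug 24 00:05:01.000000 2024", "203.0.113.5", "/var/www/site/bitrix/js/"),
    _line("Sat Aug 24 00:05:02.000000 2024", "203.0.113.5", "/var/www/site/bitrix/cache/"),
    _line("Sat Aug 24 00:05:05.000000 2024", "203.0.113.5", "/var/www/site/upload/"),
    _line("Sat Aug 24 00:07:30.000000 2024", "198.51.100.7", "/var/www/site/bitrix/js/"),
    "[Sat Aug 24 00:08:00.000000 2024] [core:notice] [pid 1] AH00094: Command line: 'httpd'",
]
```

Calling find_scanners(SAMPLE_LOG) flags only 203.0.113.5 with its three probed paths; the single hit from 198.51.100.7 stays below the threshold, which is the same reason a real jail uses maxretry rather than banning on the first 403.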

Denomyd

When you run a scan and get a 403 error, it's a dead giveaway that a directory exists and that Options All -Indexes is enabled. One solution could be to use ErrorDocument 403 /notfound to redirect the user to a custom notfound page or even to a page that automatically bans the IP.

Back in the day, I was testing Drupal security for a friend. Web servers didn't always have Options All -Indexes enabled by default. I could manually browse typical module/cache directories and actually find a listing of compiled page versions. After that, it was just a matter of digging through the files, and, sure enough, some files contained MySQL requests with config data.

A little extra tip: always double-check the permissions on those directories, especially when deploying new modules or updates—just one slip-up could expose sensitive info.

loritow

Showing MySQL access passwords right in the browser happens on every second website you see nowadays. PDO, by default, shows everything in the browser—database structure, access details and all—whenever connecting to the database fails for whatever reason.

Trying to save money by cutting corners on developers isn't a good strategy.

Also, honestly, neglecting basic security practices like this leads to vulnerabilities, opening doors for hackers, which costs more in the long run.