From 4f528fd35207ffdc16ffbbdd356e2cbfdd11771c Mon Sep 17 00:00:00 2001
From: bashrc <bob@libreserver.org>
Date: Tue, 13 Jan 2026 15:56:16 +0000
Subject: [PATCH] Log attempts to access passwords

---
 daemon_get.py   | 7 +++++++
 scripts/invalid | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/daemon_get.py b/daemon_get.py
index 595fdbff6..9f4578dea 100644
--- a/daemon_get.py
+++ b/daemon_get.py
@@ -6103,6 +6103,13 @@ def daemon_http_get(self) -> None:
     # check that the file exists
     filename = self.server.base_dir + self.path
 
+    if filename == data_dir(self.server.base_dir) + '/passwords':
+        print('WARN: attempt to access passwords ' +
+              str(self.headers).replace('\n', ' '))
+        http_404(self, 143)
+        self.server.getreq_busy = False
+        return
+
     # check that the file is not suspended
     if filename.endswith('.suspended'):
         http_404(self, 145)
diff --git a/scripts/invalid b/scripts/invalid
index 229f8a7a1..e5b1b5143 100755
--- a/scripts/invalid
+++ b/scripts/invalid
@@ -1,2 +1,2 @@
 #!/bin/bash
-journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path\|not wordpress"
+journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path\|not wordpress\|attempt to access passwords\|GET Unknown request"