She checked the logs again. The brute-force attempts stopped, replaced by a "403 Forbidden" error. The intruder was gone.
The "patched" part of the keyword is vital because unpatched .shtml implementations are susceptible to . Server-Side Includes (SSI) Injection - OWASP Foundation view shtml patched
While rare in new code, many still run unpatched view.shtml endpoints. Shodan searches reveal thousands of exposed devices with this signature. She checked the logs again