One of my clients’ sites has a 404 not found logger installed so we can easily add needed redirects. While reviewing the log today it became apparent somebody had run a script against the site to check for a couple hundred combinations of common directories and files that could be downloaded. Many of them were looking for database backup files. The scary thing is, as I’ve worked on dozens of Magento sites, I’ve seen files and directories with these names available publically when I start working on their project. All someone has to do is guess the filename and proper path and they’ll download an older copy of your database – whenever your developer created that file. It’s difficult for a store owner to identify this security risk because most of them aren’t accessing the code files and looking. Be sure to have a development team working on your site that is focused on security and doesn’t leave these files laying around! The good news is, we don’t have any vulnerable data accessible like this on our customers’ project, and we blocked this IP address.