Lets say my server is scanned by scripts from time to time. I see popping up a 404 error un the logs for

/libraries/joomla/exporter.php

which is not a file belonging to joomla and exists only on hacked joomla instances, so theres no reason to GET this file other than malicious ones. So I've placed a file there, which logs the connection attempts

Sure there are other ways like analyzing apachze logs, but i think this is more comfortable.

<?php

$line = date('Y-m-d H:i:s') . " - $_SERVER[REMOTE_ADDR] - $_SERVER[REQUEST_URI] - $_SERVER[HTTP_USER_AGENT]";
file_put_contents('visitors.log', $line . PHP_EOL, FILE_APPEND);

echo "thx for supplying your IP skiddie";

?>

touch visitors.log
chown www-data:www-data visitors.log
chmod og-r visitors.log