I have a new 2.0 site running currently only accessible via the server IP, I haven't set the DNS for the domain name yet. As I was looking through the IIS logs tonight expecting to see only entries from my connections, I found two entries that were from a server in LA. I am in the midwest. The two entries were specifically directed at the admin Excel export. These were the only entries that were not mine own entries. The entries were only 2 seconds apart and the IP only changed by one. Obviously someone familiar with nop and somehow able to find my site via IP. And probably reading this post!
/Admin/Product/ExportExcel - 80 - 74.217.148.72
/login ReturnUrl=%2fAdmin%2fProduct%2fExportExcel 80 - 74.217.148.73