The worst thing about PHP is that the majority of people who visit my website are script kiddies from the third world pen testing for PHP vulnerabilities.
I get this too. I doubt it's that active though at least in my case - I think hosting provider IP ranges are well known and bots just constantly throw known vulnerabilities in common web software at them to see what they can break into and backdoor.
