Someone is trying to find vulnerabilities on my "private" project

Zlatislav · March 23, 2024, 12:05pm

2024-03-22T18:50:35.328 app[5683944c1ee348] ams [info] 2024/03/22 18:50:35 [error] 332#332: *2 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 172.16.145.194, server: localhost, request: "GET /wp-login.php HTTP/1.1", host: "example.fly.dev", referrer: "http://example.fly.dev/wp-login.php"

2024-03-22T18:50:35.328 app[5683944c1ee348] ams [info] 172.16.145.194 - - [22/Mar/2024:18:50:35 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "http://example.fly.dev/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "193.34.145.204, 66.241.125.108"

2024-03-22T19:47:00.331 app[5683944c1ee348] ams [info] 172.16.145.194 - - [22/Mar/2024:19:47:00 +0000] "GET / HTTP/1.1" 200 5 "-" "-" "198.235.24.11, 66.241.125.108"

2024-03-23T11:38:04.833 app[5683944c1ee348] ams [info] 2024/03/23 11:38:04 [error] 332#332: *4 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 172.16.145.194, server: localhost, request: "GET /wp-login.php HTTP/1.1", host: "example.fly.dev", referrer: "http://example.fly.dev/wp-login.php"

2024-03-23T11:38:04.833 app[5683944c1ee348] ams [info] 172.16.145.194 - - [23/Mar/2024:11:38:04 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "http://example.fly.dev/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "91.142.2a22.180, 66.241.125.108"

Is there a way to stop these “mass scanners”

greg · March 23, 2024, 6:49pm

Hi,

Unfortunately any app exposed to the internet (a “public” hostname or IP, in the sense that while it may not be shared, it can be accessed) will see the same thing, whatever platform you use.

You may get some protection putting your app behind a proxy (whether a sibling nginx app, or a service like Cloudflare). But you will still get random probes looking for simple vulnerabilities even then. The best thing is to make sure your app is not vulnerable e.g make sure to apply updates.

madhuryadutta · March 24, 2024, 11:00pm

I agree with @greg . @Zlatislav , the easiest solution would be to put your site behind Cloudflare and enable Bot Fight Mode. This will block the majority of these bots and crawlers.

system · March 31, 2024, 11:01pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
errno -13 on some static files? Questions / Help	3	243	May 23, 2023
App was down for 15 mins (returned 403 Forbidden) Questions / Help	3	510	July 29, 2022
Turboku 500 Server Error Issue?	8	471	August 14, 2020
Error: No such file or directory - Not sure how to find the file that's missing Questions / Help logs	1	237	August 17, 2023
Rails app fails: could not find a good candidate within 90 attempts at load balancing Build debugging help-me-help-you , rails , machines	0	61	April 1, 2024

Someone is trying to find vulnerabilities on my "private" project

Related Topics