Someone is trying to find vulnerabilities on my "private" project

Zlatislav · March 23, 2024, 12:05pm

2024-03-22T18:50:35.328 app[5683944c1ee348] ams [info] 2024/03/22 18:50:35 [error] 332#332: *2 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 172.16.145.194, server: localhost, request: "GET /wp-login.php HTTP/1.1", host: "example.fly.dev", referrer: "http://example.fly.dev/wp-login.php"

2024-03-22T18:50:35.328 app[5683944c1ee348] ams [info] 172.16.145.194 - - [22/Mar/2024:18:50:35 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "http://example.fly.dev/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "193.34.145.204, 66.241.125.108"

2024-03-22T19:47:00.331 app[5683944c1ee348] ams [info] 172.16.145.194 - - [22/Mar/2024:19:47:00 +0000] "GET / HTTP/1.1" 200 5 "-" "-" "198.235.24.11, 66.241.125.108"

2024-03-23T11:38:04.833 app[5683944c1ee348] ams [info] 2024/03/23 11:38:04 [error] 332#332: *4 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 172.16.145.194, server: localhost, request: "GET /wp-login.php HTTP/1.1", host: "example.fly.dev", referrer: "http://example.fly.dev/wp-login.php"

2024-03-23T11:38:04.833 app[5683944c1ee348] ams [info] 172.16.145.194 - - [23/Mar/2024:11:38:04 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "http://example.fly.dev/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "91.142.2a22.180, 66.241.125.108"

Is there a way to stop these “mass scanners”

greg · March 23, 2024, 6:49pm

Hi,

Unfortunately any app exposed to the internet (a “public” hostname or IP, in the sense that while it may not be shared, it can be accessed) will see the same thing, whatever platform you use.

You may get some protection putting your app behind a proxy (whether a sibling nginx app, or a service like Cloudflare). But you will still get random probes looking for simple vulnerabilities even then. The best thing is to make sure your app is not vulnerable e.g make sure to apply updates.

madhuryadutta · March 24, 2024, 11:00pm

I agree with @greg . @Zlatislav , the easiest solution would be to put your site behind Cloudflare and enable Bot Fight Mode. This will block the majority of these bots and crawlers.

system · March 31, 2024, 11:01pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
errno -13 on some static files? Questions / Help	3	308	May 23, 2023
Turboku 500 Server Error Issue?	8	532	August 14, 2020
Error: No such file or directory - Not sure how to find the file that's missing Questions / Help logs	1	273	August 17, 2023
Random attacks on public endpoint	4	714	November 14, 2024
The app is not registered in the DNS of the private network Questions / Help mysql	2	298	April 8, 2022

Someone is trying to find vulnerabilities on my "private" project

Related topics