My PHP logs have been flooding with seemingly random attempts to access scripts and software which isn't installed on my server. At first, All the attempts came from a single IP, I was using CloudFlare, so I was able to block the IP address. I thought I was successful in preventing them but a day later it continued from another address. I'm not sure what to do or how to prevent these attempts into my server.
Asked
Active
Viewed 88 times
0
-
2Do you have a Web Application Firewall? – DarkMatter Nov 09 '18 at 20:58
-
This is entirely common these days. See https://security.stackexchange.com/questions/40291/strange-requests-to-web-server – Daisetsu Nov 09 '18 at 21:10
-
I meant, what software would I use for a "web application firewall" or how would I setup one? – DireDoesGames Nov 09 '18 at 21:19
-
1I think this just falls under "welcome to the Internet". – schroeder Nov 10 '18 at 00:48
1 Answers
1
As was pointed out by @Daisetsu this a common thing to see in web access logs these days on anything exposed to the internet (it is mostly automated).
Per the comments I'm going to recommend you install/configure a Web Application Firewall. You can find several good ones by doing a quick online search (trying to stay product neutral). Most of these come pre-configured with some basic rules to filter out blatant/known bad stuff but you can/should also add custom rules if you have some special/unusual components to your application that need to be monitored/protected. If you have a web application of any kind exposed to the internet you probably should have at least a basic/out-of-the-box WAF unless you know for sure you don't need one for some reason.
DarkMatter
- 2,671
- 2
- 5
- 23