There is a continuous attack on server and i am not sure from where it happening. if someone can understand and guide me on this.
Asked
Active
Viewed 98 times
-2
-
10 seconds or half a minute between two requests? Wait until a real attack hits you. But still, I wouldn't send them a redirect. Drop those requests or make them hang if you can afford it. Perhaps you've got HaProxy in front of your Nginx? – Gerard H. Pille May 03 '20 at 10:17
1 Answers
0
People are constantly using automated tools to try to compromise servers. If it's not causing a problem, ignore it.
If it is causing a problem get yourself a good CDN (CloudFlare has a free tier but it's feature limit), enable their security features, and only accept requests from their IPs ranges and your IP address(s). In AWS I use security groups but you can use iptables - iptables uses a lot less resources than Nginx calling PHP.
Tim
- 30,383
- 6
- 47
- 77
-
1It's a bit disturbing detail that it comes from the localhost, though. – Esa Jokinen May 03 '20 at 06:58
-
True, I didn't notice that. I wonder if there's some kind of proxy or something else going on there. – Tim May 03 '20 at 08:16
-
1I didn't answer for that reason, because the answer would have depended on details unknown. – Esa Jokinen May 03 '20 at 08:33
-
-
First you need to work out why the requests are coming from localhost. Please work that out then edit your question. If you can't work it out please edit your question to give some more details about your environment, and proxies, etc. – Tim May 03 '20 at 20:33