My web server is getting a lot of GET requests for thinker/js/think.js and thinker/showSimilarInfo.do.

These requests obviously constitute a server attack.

What is the point of these attacks?

Also, is there a way to automatically ban an IP which is trying this kind of attack?

voretaq7
user84686

1 Answer

What is the point of these attacks?

There is probably an application out there that has a security vulnerability in one of these files. If you're not hosting these files you can probably ignore the request. It's probably someone scanning thousands of hosts to find one that is vulnerable.

Also, is there a way to automatically ban an IP which is trying this kind of attack?

Sure. fail2ban is a common solution for this sort of thing, but there are others. fail2ban monitors log files for certain patterns, and then executes actions when certain thresholds are reached. A typical action is to modify the local firewall configuration to ban the offending IP address.

larsks
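
The pattern-plus-threshold approach described in the answer, sketched as an added example (not part of the original post and not fail2ban's own code). It assumes a combined-format access log; the parameter names `maxretry` and `findtime` mirror fail2ban's setting names, the function name is hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two probed paths come from the question; the combined log format is an assumption.
PROBE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /thinker/(?:js/think\.js|showSimilarInfo\.do)[ ?]'
)

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Map each IP that made `maxretry` probe requests within a sliding
    `findtime` window to the timestamp of the request that crossed the threshold."""
    hits = defaultdict(deque)   # ip -> timestamps of recent matching requests
    banned = {}
    for line in lines:
        m = PROBE.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["ip"]]
        window.append(ts)
        # Forget hits that have aged out of the window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = ts   # a real deployment would add a firewall rule here
    return banned

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /thinker/js/think.js HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /thinker/showSimilarInfo.do?id=1 HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /thinker/js/think.js HTTP/1.1" 404 162 "-" "-"',
    '192.0.2.9 - - [12/Mar/2024:10:01:00 +0000] "GET /thinker/js/think.js HTTP/1.1" 404 162 "-" "-"',
    '192.0.2.9 - - [12/Mar/2024:10:15:00 +0000] "GET /thinker/js/think.js HTTP/1.1" 404 162 "-" "-"',
    '192.0.2.9 - - [12/Mar/2024:10:30:00 +0000] "GET /thinker/showSimilarInfo.do HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:30:05 +0000] "GET /thinker/js/think.js HTTP/1.1" 404 162 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

Only 203.0.113.7 is flagged with the default thresholds: 192.0.2.9 makes three probe requests too, but they are spread further apart than the window, and 198.51.100.20 makes only one.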