DigitalOcean closed my droplet due to having traffic on the droplet. I made a new droplet (instance) and I am facing the same issue again.

My nginx access.log is full of random IP addresses trying to make POST calls. I have pasted some of it at the end.

As a precaution I am using fail2ban to blacklist these IP addresses. But I need to know the root of the problem.

Is it happening because of malicious software inside my system, or is it something I do not have any control over?

If it is because of a malicious package, then how do I find it?

2.177.28.141 - - [27/Nov/2015:12:50:13 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.238.77.154 - - [27/Nov/2015:12:50:33 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.238.77.154 - - [27/Nov/2015:12:50:34 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
2.187.214.241 - - [27/Nov/2015:12:51:11 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
2.187.214.241 - - [27/Nov/2015:12:51:11 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
188.34.65.121 - - [27/Nov/2015:12:51:25 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
188.34.65.121 - - [27/Nov/2015:12:51:26 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.212.127.104 - - [27/Nov/2015:12:51:26 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.115.89.63 - - [27/Nov/2015:12:51:27 -0500] "POST / HTTP/1.1" 408 0 "-" "-"
5.115.89.63 - - [27/Nov/2015:12:51:37 -0500] "POST / HTTP/1.1" 403 2641 "-" "-"
2.177.28.141 - - [27/Nov/2015:12:51:57 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
2.177.28.141 - - [27/Nov/2015:12:52:02 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.210.116.108 - - [27/Nov/2015:12:52:11 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.210.116.108 - - [27/Nov/2015:12:52:13 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"

1 Answer

You can use your iptables to block such packets. Use some iptables automation tool like CSF or fail2ban. http://configserver.com/cp/csf.html is working nicely for me.

antonu17
  • I am using fail2ban. I wanted to know where this problem originates. Is it due to some bad packages in my system? Is my Linux compromised? Is it some external factor? Thanks – Praveen Singh Yadav Nov 28 '15 at 07:03
  • Nobody can tell you if your system is compromised or not as you have not provided enough information to make that determination. – fpmurphy Nov 28 '15 at 08:28
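
A triage sketch for the access.log excerpt in the question, added here and not part of the original posts: it groups the requests by client IP and checks whether any of them received a 2xx/3xx response. An nginx access log records requests that remote clients sent to the server, so this measures inbound traffic only. The function names and the choice of sample lines are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" log format, matching the lines in the question.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "[^"]*" "(?P<ua>[^"]*)"'
)

# Six lines copied from the question's access.log excerpt.
SAMPLE = '''\
2.177.28.141 - - [27/Nov/2015:12:50:13 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.238.77.154 - - [27/Nov/2015:12:50:33 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.238.77.154 - - [27/Nov/2015:12:50:34 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
5.115.89.63 - - [27/Nov/2015:12:51:27 -0500] "POST / HTTP/1.1" 408 0 "-" "-"
5.115.89.63 - - [27/Nov/2015:12:51:37 -0500] "POST / HTTP/1.1" 403 2641 "-" "-"
2.177.28.141 - - [27/Nov/2015:12:51:57 -0500] "POST / HTTP/1.1" 403 1358 "-" "Apache-HttpClient/UNAVAILABLE (java 1.5)"
'''

def summarize(lines):
    """Group requests by client IP; return (per_ip, count_of_unparsed_lines)."""
    per_ip = defaultdict(lambda: {"hits": 0, "statuses": Counter(), "agents": set()})
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep count so odd lines get a manual look
            continue
        entry = per_ip[m["ip"]]
        entry["hits"] += 1
        entry["statuses"][m["status"]] += 1
        entry["agents"].add(m["ua"])
    return dict(per_ip), unparsed

def served_anything(per_ip):
    """True if any request got a 2xx/3xx, i.e. nginx actually served it."""
    return any(code[0] in "23" for e in per_ip.values() for code in e["statuses"])

if __name__ == "__main__":
    per_ip, unparsed = summarize(SAMPLE.splitlines())
    for ip, e in sorted(per_ip.items(), key=lambda kv: -kv[1]["hits"]):
        print(ip, e["hits"], dict(e["statuses"]), sorted(e["agents"]))
    print("unparsed lines:", unparsed, "| any request served:", served_anything(per_ip))
```

Run against the full access.log, the same summary shows how many distinct clients are involved and whether every request is being rejected, which is the information a fail2ban or CSF rule would be built on.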