I’m getting a lot of bot requests in my logs. Is there a way to mitigate some of these requests?

Looking at my access log, it seems there's a lot (hundreds) of 404's for endpoints like /?XDEBUG\_SESSION\_START=phpstorm
These are obviously bots scanning for known exploits living on my domain name. Though they're wasting their time (I don't use any known software), my concern is that they're sending a lot of requests to my server. I've traced a small sample of their IP's and unsurprisingly they all come from VPNs.

Now... I know my way around a server, but I'm not a master server admin. This may be something I can simply ignore. My questions are: Is this something I should I just ignore? Is there a way to mitigate this and reduce the chatter in my logs?

I use ubuntu with nginx as a proxy to my python application. Please advise.

4 thoughts on “I’m getting a lot of bot requests in my logs. Is there a way to mitigate some of these requests?”

  1. If you’re fine with putting the traffic through Cloudflare, those superfluous requests would be filtered before reaching your server.

    Reply
  2. I agree with the other posters that it’s no big deal what you’re seeing – as long as they hit something which isn’t there. But if you want to block it anyway (or just wants to make sure future attempts of more nasty attacks will be blocked), I’d do it with [CrowdSec](https://crowdsec.net/) which would watch the nginx log and block those attemps when it sees them (if they aren’t blocked already based on signals from the crowd – meaning that the same ip already attacked other users. In that case it would be blocked in your instance as well as every other relevant user’s)

    Reply

Leave a Comment