Ok, it’s me again. I’ve been checking the sampled logs on my cloudflare website and I’ve noticed some very particular requests:
Some context: I’m hosting my own static website (a personal blog) at home and serving it to the internet through a Cloudflare tunnel.
Upon inspecting them it seems like they are bots and web-crawlers trying to access directories and files that don’t exist on my server, (since I’m not using wordpress). While I don’t really have any credentials or anything to lose on my website and these attacks are harmless so far, this is kinda scary.
Should I worry? Is this normal internet behaviour? Should I expect even worse kinds of attacks? What can I do to improve security on my website and try to block these kinds of requests/attacks?
I’m still a noob, so this is a good opportunity for learning.
Thanks
Those attacks you see are mostly (close to 100%) harmless bots, scripts. Yes they are trying default passwords and exploits that got patched years ago.
If you do not use default credentials and do run up to date software there is nothing to worry about.
Even brute force attacks are rare.
This is just “noise” so to speak.
If you are scared by this, you should reconsider hosting something on the internet. Yes things like fail2ban can help but only if they knock on your server multiple times and mostly only to keep your logs clean.
That looks like the internet. Every server gets bombarded with these requests. Generally: Use good passwords, make sure your software blocks bots brute-forcing passwords, after some sane amount of tries… Keep everything updated…
If you want some more attacks, install a mailserver. Or expose VNC/Windows Remote Desktop or a VOIP server. That gets the bots really worked up.
Fail2ban works really well.
Just make sure you actually enable the jails/filters for the services you use … I’ve seen people just install it and that will by default just protect ssh and leave everything else as is.