Ok, it’s me again. I’ve been checking the sampled logs on my cloudflare website and I’ve noticed some very particular requests:

Some context: I’m hosting my own static website (a personal blog) at home and serving it to the internet through a Cloudflare tunnel.

Upon inspecting them it seems like they are bots and web-crawlers trying to access directories and files that don’t exist on my server, (since I’m not using wordpress). While I don’t really have any credentials or anything to lose on my website and these attacks are harmless so far, this is kinda scary.

Should I worry? Is this normal internet behaviour? Should I expect even worse kinds of attacks? What can I do to improve security on my website and try to block these kinds of requests/attacks?

I’m still a noob, so this is a good opportunity for learning.

Thanks

  • Ebby@lemmy.ssba.comEnglish
    13·
    4 days ago

    Should I worry?

    I’ve had this stuff in logs since the late 90’s. It was concerning at first, but port scanning and scripts are the internet’s background static now.

    Is this normal internet behaviour?

    Yup. Welcome to self hosting!

    Should I expect even worse kinds of attacks?

    Not that it will happen, but good security expects attacks. I like to say “Obscurity is not security.”

    What can I do to improve security on my website and try to block these kinds of requests/attacks?

    As these scrips are targeting code you don’t run, they can be ignored relatively safely.

    You can take a couple steps to lock things down like not responding to ping on WAN (less enticing to port scanning) locking down firewall settings, geolocation blocking, authentication, etc.

    That said, if the script changed to something you DO host, you may be in for a bad day. Good to stay on top of security patches in that case.

    • KazuchijouNo@lemy.lolOPEnglish
      1·
      4 days ago

      Thanks! I’ll keep all of that in mind. I knew there were a lot of bots and scripts running rampant on the internet, but I was really surprised when I put my website online and suddendly became a target.

      It’s good to know I’m not really at risk and that this is expected. I’ll try to learn more about cybersecurity

      • K3CANEnglish
        1·
        15 hours ago

        You’re not a “target” as much as you are “a thing that exists.” These aren’t targeted attacks.

        That said, you can look into adding some additional measures to your webserver if you haven’t already, like dropping connections if a client requests a location they shouldn’t, like trying to access /admin, /…/…, /.env, and so on.

        On nginx, it could be something like:

        location ^/\.|)/admin|/login {
    return 444;
}

        Of course, that should be modified to match whatever application you’re actually using.