The original post: /r/nginx by /u/vectorx25 on 2024-12-02 03:10:19.
Hello, I have a django site running behind nginx,
I already installed ngxblocker and it seems to be working, but I still see daily access logs like this
78.153.140.224 - - [02/Dec/2024:01:43:52 +0000] "GET /acme/.env HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; GT-S6012 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" "-"
51.161.80.229 - - [02/Dec/2024:02:31:34 +0000] "GET /.env HTTP/1.1" 404 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36" "-"
13.42.17.147 - - [02/Dec/2024:02:00:07 +0000] "GET /.git/ HTTP/1.1" 200 1509 "-" "Mozilla/5.0 (X11; Linux x86_64)" "-"
I have 80,443 open completely for the website, these guys are trying to steal .env, AWS, etc creds via GET requests
is there anything I can do to block IPs that dont hit the legitimate Get and Post routes i have advertised on my django backend? I started adding constant spammers IPs into an iptables blacklist but its a losing battle, impossible to keep up manually.
Not sure how to automate this.