So, I'm a newbie here.

I have some services running.

Today I put them all behind Nginx as a reverse proxy. And I'm using SSL/TLS from Let's Encrypt.

I found this IP in my access.log from Nginx.

83.97.73.87 - - [10/Nov/2023:12:20:35 -0300] "GET /_ignition/execute-solution HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
83.97.73.87 - - [10/Nov/2023:12:23:23 -0300] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
83.97.73.87 - - [10/Nov/2023:12:45:26 -0300] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

I looked up that IP and it seems that it is a BAD IP!!!

Look: https://www.abuseipdb.com/check/83.97.73.87

Am I fine or do I need to do something to avoid this?!

Am I safe or could this do something to my server?

  • @OxFEEDBEEFB
    18 months ago

    /_ignition/execute-solution

    It’s a bot trying to scan for an exploit for Laravel (a PHP framework). You’ll see thousands of those types of scans drive by every day. Welcome to the Internet. Last time I deployed a new server online it took about 2 minutes for the first one to come knocking.

    You can use something like Crowdsec to block this, or some other solution if you want to keep your services on the internet via a proxy.

    Alternatively, if you’re the only user, don’t host them on the Internet directly, but hide them behind a VPN.
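
An added example, not part of the original thread: a small triage of the access.log lines from the post that separates probes which got an error (the 404 above) from probes that were actually answered. `PROBE_PATHS`, `triage` and `needs_review` are hypothetical names, and the 203.0.113.5 line is constructed.

```python
import re
from collections import defaultdict

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"'
)

# Paths that nothing on this host serves. Only the path from the thread is
# listed; growing this set from your own logs is an assumption of the example.
PROBE_PATHS = {"/_ignition/execute-solution"}

def triage(lines):
    """Per client IP: request count, probes that missed (>=400), probes answered (<400)."""
    report = defaultdict(lambda: {"requests": 0, "missed": [], "answered": []})
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a well-formed HTTP request line; skipped in this example
        entry = report[m["ip"]]
        entry["requests"] += 1
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in PROBE_PATHS:
            status = int(m["status"])
            entry["answered" if status < 400 else "missed"].append((path, status))
    return dict(report)

def needs_review(report):
    """IPs whose probe got a non-error response, so the endpoint may really exist."""
    return sorted(ip for ip, e in report.items() if e["answered"])

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36")
SAMPLE = [
    # The three lines from the post
    f'83.97.73.87 - - [10/Nov/2023:12:20:35 -0300] "GET /_ignition/execute-solution HTTP/1.1" 404 555 "-" "{UA}"',
    f'83.97.73.87 - - [10/Nov/2023:12:23:23 -0300] "GET / HTTP/1.1" 200 615 "-" "{UA}"',
    f'83.97.73.87 - - [10/Nov/2023:12:45:26 -0300] "GET / HTTP/1.1" 200 615 "-" "{UA}"',
    # Constructed line: an ordinary visitor from a documentation-range address
    f'203.0.113.5 - - [10/Nov/2023:12:50:00 -0300] "GET / HTTP/1.1" 200 615 "-" "{UA}"',
]

if __name__ == "__main__":
    rep = triage(SAMPLE)
    for ip, entry in rep.items():
        print(ip, entry)
    print("needs review:", needs_review(rep))
```

For the lines in the post, the probe lands in `missed` with status 404 and `needs_review` comes back empty.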