How to block potential attackers on my server

To keep it brief and simple, I will go straight to the point. It seems a bunch of ip adresses are trying to access files that have potential of containing sensitive server information on my website which is still in the development phase powered by Linux and apache2 and am increasingly getting apache2 error logs of some IPs trying to access files that don't even exit on my server.

Here's some of the logs

[client 103.153.76.212:64595] script '/var/www/websites/example.com/xmlrpc.php' not found or unable to stat
[client 45.146.164.110:56158] script '/var/www/websites/example.com/index.php' not found or unable to stat
[client 5.188.210.227:31411] script '/var/www/websites/example.com/echo.php' not found or unable to stat
[client 45.146.164.110:32824] script '/var/www/websites/example.com/index.php' not found or unable to stat
[client 128.199.2.210:55528] script '/var/www/websites/example.com/system_api.php' not found or unable to stat
[client 117.50.90.31:43096] script '/var/www/websites/example.com/wp-login.php' not found or unable to stat
[client 143.198.136.88:39108] AH01630: client denied by server configuration: /var/www/websites/example.com/server-status
[client 143.198.136.88:39688] script '/var/www/websites/example.com/info.php' not found or unable to stat
[client 45.146.164.110:34004] script '/var/www/websites/example.com/index.php' not found or unable to stat

I have switched out my site with example.com but you get the picture plus I did some digging on those ip addresses and got absolutely nothing though I ip showed as being owed by some Russian ISP.

So obviously whoever is doing this is checking for vulnerabilities but I wanna automatically block those ips. Is there an Apache2 module, php or python script that I can use to achieve this..?

Automated probes continuously check large parts of the internet trying to determine what your server is running, what software powers it and which versions.

Some of those probes are for valid research purposes and others are less benign and a precursor to attempts to exploit known vulnerabilities in the software.

When your server and software is kept up to date and patched that is more of a nuisance than a big security risk IMHO.

In general the tooling to detect such probes is an ”intrusion detection system” or IDS which is often coupled with an ”intrusion prevention system”.

Wikipedia list a bunch suitable tools in the IDS entry, a common choice in this scenario is fail2ban

When your development system is public and online rather than blocking specific "bad IP-addresses" the common approach is the opposite:

• a blanket "deny all" on all IP-addresses
• grant access to only the limited number to "known good IP-addresses" that currently need access.

Deepening on where your system is hosted that can be achieved with

• an access policy enforced in an external firewall and/or with security groups
• by access policies on the server itself:
  • a host based firewall
  • application specific access controls, either based on IP and/or other authentication, like in Apache: https://httpd.apache.org/docs/2.4/howto/access.html

Note that with the latter, when the application enforces the access control policy, usually those actions will still be logged and recorded in your applications log files.