I have that problem, that my server is flooded with some kind of requests as you see it here:
26/Jan/2022 66.240.205.34 "Gh0st\xad" "-"
26/Jan/2022 139.162.145.250 "GET 400
26/Jan/2022 20.52.27.176 "GET 301
26/Jan/2022 20.52.27.176 "GET 200
26/Jan/2022 83.136.32.58 "HEAD 200
26/Jan/2022 109.237.103.9 "GET 301
26/Jan/2022 109.237.103.9 "GET 404
26/Jan/2022 109.237.103.9 "POST 301
26/Jan/2022 151.236.221.164 "GET 301
26/Jan/2022 151.236.221.164 "GET 200
26/Jan/2022 109.201.39.230 "GET 301
26/Jan/2022 109.201.39.230 "GET 200
26/Jan/2022 109.201.39.230 "GET 404
26/Jan/2022 176.100.125.164 "GET 301
26/Jan/2022 178.79.170.11 "GET 200
26/Jan/2022 92.118.160.29 "GET 301
26/Jan/2022 103.248.35.132 "GET 301
26/Jan/2022 157.55.39.72 "GET 200
26/Jan/2022 207.46.13.231 "GET 301
26/Jan/2022 207.46.13.231 "GET 404
26/Jan/2022 207.46.13.192 "GET 301
26/Jan/2022 43.131.23.42 "GET 301
root@web:/home/pi# awk '{print substr($4,2,11), $1, $6, $9}' /var/log/apache2/access.log
Is that good and server tell me that he blocked the a.s.s or are that bad news?
I also want to ask if there is any kind of reason for fear, because it is Singapore and other kind of countries, which send me that GET, POST, HEAD to my server. What would you do to have an easier way to read all that dangerous information? Maybe you have some tips for me how could I handle that security issues a little bit better and which kind of information would you looking for if you are a stand alone admin? Because it's hard for one man to handle all that stuff.
