Score:1

Getting requests for suspicious php files

I am getting weird GET requests on my (non-PHP-supporting) web server for some curious-looking PHP files. Was just wondering whether these are harmless requests of certain browser tools or attempts from a crawler to find flaws / misconfigurations in PHP web servers. Got me a little worried. And in case it is an attempt to find vulnerabilities, what actions would you recommend I take?

A part of the log is in the screenshot. (Note: the IP-Address from which the requests have been sent is the local IP of a reverse proxy in my server network)

[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52954 [GET] /x.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52962 [GET] /wso.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52964 [GET] /srx.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52968 [GET] /1337.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52970 [GET] /xx.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52972 [GET] /XxX.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52978 [GET] /leaf.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52986 [GET] /leafmailer2.8.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52988 [GET] /bb.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52992 [GET] /m.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:53006 [GET] /Lux.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53010 [GET] /haxor.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53014 [GET] /shell.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53016 [GET] /qindex.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53018 [GET] /alex.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53024 [GET] /1.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53026 [GET] /wp2.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53030 [GET] /wp.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53032 [GET] /stindex.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53036 [GET] /lf.php

Log of web server requests

Welcome to the internet. Get used to it.
Score:0
Yes, this is suspicious activity, but as Gerald commented, this is both normal and expected for a web server. A remote server is performing multiple HTTP GET requests to look for well-known PHP files such as WordPress etc. Your server will return 404 to the attacker, or 200 if such a file exists. If a file such as the one this script is looking for does exist, then further action could be taken based on known vulnerabilities of those files. There are several methods for dealing with bots, web crawlers and phishing; some methods are client/server centric and some are network related.
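A defender-side check for the pattern described above, as an added example that is not part of the original post: it parses the log format shown in the question, flags a source that requests many distinct .php paths within a few seconds, and lists any probed path that exists under the document root (the case where the server would answer 200). The thresholds, the month/day/year reading of the timestamp, and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import Path
# First lines of the log in the question, plus one constructed non-PHP request.
SAMPLE = """\
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52954 [GET] /x.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52962 [GET] /wso.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52964 [GET] /srx.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52968 [GET] /1337.php
[3/2/2022, 7:04:49 PM] ::ffff:172.19.0.4:52970 [GET] /xx.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53014 [GET] /shell.php
[3/2/2022, 7:04:50 PM] ::ffff:172.19.0.4:53030 [GET] /wp.php
[3/2/2022, 7:09:12 PM] ::ffff:172.19.0.4:53301 [GET] /index.html
"""
LINE = re.compile(r"\[([^\]]+)\] (\S+):\d+ \[[A-Z]+\] (\S+)")

def parse(text):
    """Yield (timestamp, source, path); month/day/year order is assumed."""
    for m in filter(None, map(LINE.match, text.splitlines())):
        yield datetime.strptime(m[1], "%m/%d/%Y, %I:%M:%S %p"), m[2], m[3]

def probe_bursts(text, min_paths=5, window=timedelta(seconds=5)):
    """Map each source that asked for >= min_paths distinct .php paths
    within one window to the sorted list of .php paths it requested."""
    by_src = defaultdict(list)
    for ts, src, path in parse(text):
        if path.split("?")[0].lower().endswith(".php"):
            by_src[src].append((ts, path))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window start forward
            if len({p for _, p in hits[start:end + 1]}) >= min_paths:
                flagged[src] = sorted({p for _, p in hits})
                break
    return flagged

def present_on_disk(paths, docroot):
    """Probed paths that exist as files under docroot (the 200 case)."""
    root = Path(docroot).resolve()
    def inside(p):  # resolve the request path and keep it under docroot
        target = (root / p.split("?")[0].lstrip("/")).resolve()
        return root in target.parents and target.is_file()
    return [p for p in paths if inside(p)]
```

Because the source address in this log is the reverse proxy, the flagged source identifies the proxy; attributing the burst to a client needs the proxy's own log or a forwarded client address.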
