
A certain IP keeps trying endpoints in my API such as `/.env`, `/info.php`, `/.env.production`, etc. Should I blacklist it?


I deployed my first ever internet service recently (AWS). As I expected, I started getting these "internet robots".

I noticed one in particular that keeps trying the endpoints mentioned in the title, as well as the root "/", which works. But it bugs me that this is using my resources, and I expect more to come. My question is:

  • Is it worth it to manually block this one IP?
  • What are the best ways to automatically safeguard my app from these "bots"? (I am using AWS EC2+ECS)
Tim
Yes, might as well. You will eventually notice this coming from many, many IPs. I use CloudFlare and have fail2ban automatically adding bad actors to the CloudFlare firewall https://www.photographerstechsupport.com/tutorials/protecting-amazon-linux-server-fail2ban-cloudflare-wordpress/
Tim P
You will never block 100% of the traffic, so never assume your site will be safe with blocking. However, blocking can reduce the noise. If it is a single server or a small install, fail2ban is a good option. CloudFlare is a low-cost option as well. These are going to be cheaper than the AWS way, which is AWS WAF. AWS WAF will scale better, but will cost more. I'm not sure about ECS, but to use WAF with EC2 you need a load balancer (which adds further costs). I will say that once WAF becomes a viable option it works fairly well.
Bersan
Is fail2ban something I install on the EC2 instance? I checked the CloudFlare website, but it seems they have many different solutions; I got a bit lost.
Tim
fail2ban is software you install on your instance. CloudFlare is a service that does DNS for your website and blocks some bad actors.
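To make concrete what the fail2ban-style approach from the answers above does, here is an added example that is not code from this thread or from fail2ban: it parses constructed access log lines, counts requests for the probe paths named in the question (`/.env`, `/.env.production`, `/info.php`) per client IP, and reports the IPs that reach a retry threshold, which is the point at which fail2ban would issue a ban. The combined log format, the threshold and the sample IPs are assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" access log line: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Paths the question reports being probed: /.env, /.env.production, /info.php.
# A fail2ban filter expresses the same match as a failregex, roughly:
#   failregex = ^<HOST> .* "(GET|POST|HEAD) /(\.env[^ "]*|info\.php)[^"]*"
PROBE_RE = re.compile(r"^/(\.env(\.[\w-]+)?|info\.php)(\?.*)?$")

def parse_line(line):
    """Return (ip, path, status) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))

def probe_hits(lines):
    """Count requests for probe paths per client IP (lines that do not parse are skipped)."""
    hits = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, _status = parsed
        if PROBE_RE.match(path):
            hits[ip] += 1
    return hits

def find_scanners(lines, maxretry=3):
    """IPs that reached maxretry probe hits; fail2ban would ban these for its bantime."""
    return {ip: n for ip, n in probe_hits(lines).items() if n >= maxretry}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2023:12:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2023:12:00:02 +0000] "GET /info.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2023:12:00:03 +0000] "GET /.env.production HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2023:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2023:12:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.88"',
    '203.0.113.5 - - [10/Jun/2023:12:01:05 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.88"',
]

if __name__ == "__main__":
    for ip, n in find_scanners(SAMPLE_LOG).items():
        print(f"ban candidate {ip}: {n} probe requests")
```

A single hit from 203.0.113.5 stays below the threshold, which is the same reason fail2ban's `maxretry` exists: one stray request should not get an IP banned.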