Saturday, 8 June 2019
16:28
I’ve been neglecting this the past couple of weeks. Most of my free time has been spent tidying up and tightening things on the Linode server.
The biggest problem the past week has been automated scans looking for holes in the system. Primarily, looking for phpMyAdmin, which I haven’t installed; I don’t need it. I don’t use MySQL, though I have installed it, just in case.
Perhaps these scans should just be ignored, but at times, they’re effectively leveraging a DDoS attack as they request hundreds of pages in a few seconds. At first I tried using an Apache module to deter the scans, but this still ties up server resources. Ultimately I turned to Cloudflare, who will try and bounce any requests for .php files. Since I don’t use PHP, even I don’t get caught in the net.