Code:
2017-01-16 04:15:00 Access 89.133.235.113 301 POST /xmlrpc.php HTTP/1.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 178 nginx access
Code:
2017-01-16 04:15:01 Error 89.133.235.113 405 GET /xmlrpc.php HTTP/1.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 53 nginx access
as you can see, those entries are 1 second apart. And really, that is just an example of the entries I see...
I know those are just bots, spammers, hackers, etc. looking for holes or exploits on my sites, etc. etc.
My plesk Onyx server:
OS CentOS Linux 7.2.1511 (Core)
Product Plesk Onyx
Version 17.0.17 Update #12, last updated on Jan 13, 2017 12:24 PM
I have WAF with atomic rules updated daily, but trying to install ASL (so far, can't get ASL installed, but trying)
anyway, what do you do when you see 100s or 1000s of entries similar to the above?
a) nothing --- as they are not getting in and can't be prevented/stopped
b) hoping they don't get in
c) most are ignored, but some extreme cases the IP is blocked
d) XYZ software is installed and my plesk is secure enough
e) ABC is done to block, prevent, or stop problems
I'm hoping, but don't know until installed, that ASL will give me the tools and a way to deal with these type of issues, MUCH more easily than I do now. That is my goal.
QUESTION -- when these entries or accesses to my vhost domains occur... (say many across multiple domains)... does that effect server performance?
thoughts on what you do for stuff like this?
thanks!