
So I just bought a shiny new VPS and I've installed a LEMP stack (NGINX) and WordPress. It's been up for a couple of days now and I decided to browse the access logs. Inside, I found several rather concerning log entries similar to below:

```
[IP address redacted] - - [09/Mar/2016:22:28:02 +0100] "GET [foreign domain name redacted] HTTP/1.1" 200 41 "[same foreign domain name again, redacted]" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
```

Now I understand that any public-facing server is inevitably bound to be inundated with script kiddies probing for vulnerabilities.

However, I find the 200 response code to be concerning. Am I correct to think this?

What are they doing, why are they doing it and how? Above all, how can I prevent it?

728883902
  • The server has given a 41-byte 200 OK answer. If you connect to your server and do the same GET request, what does it say? – tlund Mar 04 '16 at 21:03
  • Sorry for a potentially stupid question @tlund... But how exactly do I do that? Do I cURL from my PC? `curl --proxy http://:80 http://yahoo.com` I ran that command, which returned the index.html file from the default vhost on my server - which is just an H1 tag of 39 bytes. – 728883902 Mar 04 '16 at 21:44
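
As an added example (not part of the original question or comments): one way to pull entries like the one above out of an nginx access log in the default `combined` format is to flag every request whose target is an absolute URL or a `CONNECT` instead of a local path, and group them by status and body size. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# nginx "combined" format: $remote_addr - $remote_user [$time_local]
# "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation addresses, example domains).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Mar/2016:22:28:02 +0100] "GET http://other.example/ HTTP/1.1" 200 41 "http://other.example/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
198.51.100.9 - - [09/Mar/2016:22:30:10 +0100] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Mar/2016:22:31:44 +0100] "CONNECT other.example:443 HTTP/1.1" 400 166 "-" "-"
this line is not in combined format
"""

def proxy_style_requests(log_text):
    """Return entries whose request target is not a local path."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = m["request"].split()
        if len(parts) != 3:
            continue  # malformed request line
        method, target, _version = parts
        absolute = re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", target) is not None
        if absolute or method.upper() == "CONNECT":
            size = 0 if m["bytes"] == "-" else int(m["bytes"])
            hits.append({"addr": m["addr"], "method": method, "target": target,
                         "status": int(m["status"]), "bytes": size})
    return hits

def summarize(hits):
    """Count hits per (status, bytes) so identical small replies stand out."""
    return Counter((h["status"], h["bytes"]) for h in hits)

if __name__ == "__main__":
    found = proxy_style_requests(SAMPLE_LOG)
    for h in found:
        print(h)
    print(summarize(found))
```

Comparing the reported byte counts with the size of the default vhost's index page repeats the check from the comments for every such entry at once.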
