I have a lot of requests for php exploit files and would like to 'handle' them.

GET //phpMyAdmin/scripts/setup.php 200 42.452 ms - 3703
GET //phpmyadmin/scripts/setup.php 200 43.431 ms - 3703
GET //pma/scripts/setup.php 200 47.159 ms - 3703
GET //myadmin/scripts/setup.php 200 44.524 ms - 3703
GET //MyAdmin/scripts/setup.php 200 63.237 ms - 3703
GET //scripts/setup.php 200 75.063 ms - 3703
GET //admin/scripts/setup.php 200 43.158 ms - 3703
GET //db/scripts/setup.php 200 55.091 ms - 3703
GET //myadmin/scripts/setup.php 200 39.229 ms - 3703
GET //mysql/scripts/setup.php 200 38.401 ms - 3703
GET //mysqladmin/scripts/setup.php 200 41.768 ms - 3703
GET //phpadmin/scripts/setup.php 200 46.766 ms - 3703
GET //pma/scripts/setup.php 200 40.464 ms - 3703
GET //web/scripts/setup.php 200 42.858 ms - 3703
GET //blog/phpmyadmin/scripts/setup.php 200 45.144 ms - 3703

So I would like to close the connection upon such requests so that the requester thinks the server does not exist and won't try again:

  app.use(function(req, res, next){
    if(req.originalUrl.indexOf('.php') !== -1) {
      res.set("Connection", "close");
      req.socket.destroy(); // the header alone never ends the response; drop the socket so nothing is sent back
    }
    else next();
  })

Is this the best way to handle this?

crankshaft
  • Since you're not using any of them, why does it even matter? – Blender Jun 08 '15 at 04:01
  • Well so that the requester thinks that the server does not even exist and won't try again. – crankshaft Jun 08 '15 at 04:04
  • Set up 304 redirects to http://www.ic3.gov/complaint/default.aspx? for giggles. – Brandon Bertelsen Jun 08 '15 at 04:41
  • @crankshaft: Why are you sending back a response with a 200 status code? Just respond with a 404 and they'll go away. The scans are automated and crawl the web for unconfigured PHP web applications, so you aren't being targeted specifically. – Blender Jun 08 '15 at 04:57

1 Answer

Better to return a 404. It's more likely the bot won't keep trying.

app.use(function(req, res, next){
    if(req.originalUrl.indexOf('.php') !== -1) {
        // short-circuit: answer the probe with a 404 and never call next()
        res.status(404).send('Not found');
    }
    else {
        next();
    }
})

If you're seeing the same IP addresses hitting you over and over, and assuming you're on a Linux machine, you might consider manually adding the IPs to /etc/hosts.deny which will block them before they reach your node server.

thelastshadow