I've been building an Authentication as a Service framework for over a year now. It started as a passion project, but after some posts went viral, I've noticed that my public-facing servers are getting probing requests more often. Common endpoints targeted include "/developmentserver/metadatauploader" and "/nmaplowercheck". While I have measures in place to block IPs automatically after one hit, many of these attackers use cloud instances that constantly change IPs. I'm curious about what other developers with public APIs do in response to such probing. Has anyone else seen a rise in these requests? What countermeasures have you implemented? Additionally, is there any way to report these probing incidents to help reduce cybercrime overall?
4 Answers
Probing from bots is just something you have to accept when running a web service. I protect my critical endpoints, especially authentication, with rate limiting and tools like fail2ban to block the worst offenders temporarily. Beyond that, I don't stress it too much.
Yeah, I'm curious about your fail2ban configurations too! What strategies work best for you?
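As an added example (not from any poster in this thread, and not a fail2ban configuration): a Python replay of the two rules discussed here, an instant ban on the probe paths named in the question and a fail2ban-style findtime/maxretry/bantime limit on failed logins. The log format, the `/auth/login` path, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Probe paths quoted in the question; a single hit triggers a ban.
PROBE_PATHS = {"/developmentserver/metadatauploader", "/nmaplowercheck"}
AUTH_PATH = "/auth/login"   # hypothetical authentication endpoint
FINDTIME = 60               # seconds of history considered (assumed value)
MAXRETRY = 3                # failed logins tolerated inside FINDTIME (assumed)
BANTIME = 600               # seconds a ban lasts (assumed value)

# Constructed log format: <ip> <epoch seconds> "<method> <path>" <status>
LINE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+)" (\d{3})$')
SAMPLE_LOG = """\
198.51.100.7 1000 "GET /nmaplowercheck" 404
203.0.113.9 1001 "POST /auth/login" 401
203.0.113.9 1010 "POST /auth/login" 401
192.0.2.44 1015 "POST /auth/login" 200
203.0.113.9 1020 "POST /auth/login" 401
203.0.113.9 1025 "POST /auth/login" 401
198.51.100.7 1030 "GET /index.html" 200
192.0.2.44 1700 "POST /developmentserver/metadatauploader" 404
203.0.113.9 1700 "POST /auth/login" 401
"""

def evaluate(log_text):
    """Replay the log; return (bans issued, requests dropped while banned)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    banned_until = {}               # ip -> epoch second the ban expires
    bans, blocked = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                # skip lines that do not parse
        ip, ts, path, status = m[1], int(m[2]), m[4], int(m[5])
        if banned_until.get(ip, 0) > ts:
            blocked.append((ts, ip, path))
            continue
        reason = None
        if path.split("?")[0].lower() in PROBE_PATHS:
            reason = "probe"
        elif path == AUTH_PATH and status in (401, 403):
            window = failures[ip]
            window.append(ts)
            while window and window[0] <= ts - FINDTIME:
                window.popleft()    # forget failures older than FINDTIME
            if len(window) >= MAXRETRY:
                reason = "auth-rate"
                window.clear()      # start counting afresh after the ban
        if reason:
            banned_until[ip] = ts + BANTIME
            bans.append((ts, ip, reason))
    return bans, blocked
```

Bans expire after `BANTIME`, so an address that is later reassigned to a different cloud tenant is not blocked indefinitely.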
Consider returning HTTP 418 responses or fake data to mess with those bots. They’ll get confused and give you peace of mind.
Great idea! You could even create a fake '/wp-admin' endpoint that responds with valid data to send them on a wild goose chase!
First off, definitely tighten up your security! Implement rate limiting and then just focus on building. You’ll find that probing is just a standard part of running any public service.
Absolutely, rate limiting is crucial. I've seen some people neglect it and only rely on access controls, which isn't enough.
While you can’t completely stop probing, there are services like DataDome that can help manage it if it escalates to a bigger issue.

That sounds solid! I feel more reassured knowing other developers face similar issues. How do you set up your fail2ban, and do you do rate limiting with something like Cloudflare?