I'm a full stack developer with a day job working on a secure in-house server, but I've taken on a side project using a DigitalOcean VPS for development. Recently, I noticed an unusually high amount of traffic trying to access common vulnerable files and paths (like "/.env", "phpinfo", and "wp-admin"). Out of curiosity, I created a simple tool to blacklist these suspicious IPs and, shockingly, I've already collected 44 IP addresses in less than a day. I've heard that DigitalOcean IPs are often found on blacklists due to malicious activities, but I'm curious if this level of traffic is typical for a VPS provider like DigitalOcean or if I should be worried about these attempts. Any insights or experiences would be appreciated!
3 Answers
If you’re getting that much traffic, putting Cloudflare in front of your server could save you a lot of headaches. We noticed a massive drop in bad requests after implementing it—sometimes reducing daily traffic by hundreds of thousands of requests!
Yeah, this kind of traffic is pretty normal. When you put a server online, especially on a public provider, you can expect to get hit with all sorts of malicious requests. It’s just part of the online landscape these days. I recommend securing your server with SSH key authentication and setting up a few firewall rules. You might also want to look into using Fail2Ban to keep an eye on your logs and to block any suspicious activity.
Totally agree! Setting up NGINX as a reverse proxy can also add another layer of security.
It's pretty common, honestly. The internet can feel like the Wild West sometimes! But you can take precautions like putting a Web Application Firewall (WAF) in place and using tools like Fail2Ban to quickly block those pesky IPs trying to probe your server.
Exactly! Adding Cloudflare to the mix can help filter out a lot of that noise.
Great tip! Definitely worth considering for anyone managing a server.
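The log-watching approach the answers recommend (and that the asker's own tool takes) can be sketched as follows. This is an added example, not code from any poster or from Fail2Ban; the combined access-log format, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Probe paths named in the question; extend the list from your own logs.
PROBE_RE = re.compile(r"/\.env|phpinfo|wp-admin", re.IGNORECASE)

# NGINX/Apache "combined" format (assumed): ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 153 "-" "curl/8.0"
198.51.100.23 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /docs/environment HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2025:10:00:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 404 153 "-" "curl/8.0"
malformed line without the expected fields
"""


def probe_hits(lines):
    """Count, per client IP, requests for probe paths that the server answered with 4xx."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Only 4xx responses count, so a path that really exists on the site
        # (e.g. a genuine WordPress admin login) does not get its users blocked.
        if m["status"].startswith("4") and PROBE_RE.search(m["path"]):
            hits[m["ip"]] += 1
    return hits


def ips_to_block(lines, threshold=2):
    """Return the sorted IPs with at least `threshold` probe hits (like a retry limit)."""
    return sorted(ip for ip, n in probe_hits(lines).items() if n >= threshold)


if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE_LOG.splitlines()):
        print(ip)
```

The returned list is what would be handed to a firewall rule or deny list; the client that only fetched `/index.html` and `/docs/environment` is never counted.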