Nextcloud version: 16.04
Operating system and version: Ubuntu 19.04
Apache or nginx version: Apache 2.4.38
PHP version: 7.2.19
Hello! This is not an issue with Nextcloud but I don’t know where else to ask this question.
About a week ago I started getting a lot of requests from random IPs all around the world, and it fills up my error log. Do I have to worry, and what can I do to prevent it and/or increase the security?
Example: “AH00126: Invalid URI in request GET …/…/etc/passwd”
Full Apache Error log: https://pastebin.com/jjV0Xsdg
Seems like it is bots trying whatever and hoping you got something misconfigured so they can steal credentials or access tokens. As to what to do? I would say not much, keep your OS patched, make sure permissions are set correctly, harden SSH (if exposed) and follow all the hardening options from the documentation. Bots will knock on your stuff and see what falls over if it is exposed to the internet. It might stop soon if they don’t have any success. I had a barrage of SSH attempts for about two weeks, then it stopped.
You could put everything behind a VPN if you really want to, but you will lose functionality. Fail2ban might also be a thing to consider, as well as blacklisting IP blocks geographically, but it won’t stop everything if there are IPs from all over the place/from where you would expect logins.
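To see which clients are behind the AH00126 entries discussed in this thread, the added example below (not code from either poster) counts those errors per client IP and flags any IP that reaches a threshold inside a time window, which is the same idea a Fail2ban jail applies. It assumes Apache 2.4's default error log format; the sample lines are constructed, and the `maxretry` and `findtime` values are illustrative assumptions named after Fail2ban's jail options.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumes Apache 2.4 default format: [time] [module:level] [pid N] [client IP:port] AHnnnnn: msg
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid \d+(?::tid \d+)?\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] (?P<code>AH\d{5}): "
)

def parse(line):
    """Return (timestamp, client_ip, ah_code), or None for lines without a client."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
    return ts, m["ip"], m["code"]

def offenders(lines, code="AH00126", maxretry=3, findtime=timedelta(minutes=10)):
    """Map each IP that logged `code` >= maxretry times within findtime to its total hits."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == code:
            hits[rec[1]].append(rec[0])
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        # Sliding window: compare each hit with the one maxretry-1 positions later.
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                flagged[ip] = len(times)
                break
    return flagged

# Constructed sample lines (documentation IP ranges), not taken from the poster's log.
SAMPLE_LOG = """\
[Wed Jul 03 10:15:32.120001 2019] [core:error] [pid 1201] [client 203.0.113.5:40112] AH00126: Invalid URI in request GET /../../etc/passwd HTTP/1.1
[Wed Jul 03 10:15:33.450002 2019] [core:error] [pid 1201] [client 203.0.113.5:40114] AH00126: Invalid URI in request GET /../../etc/passwd HTTP/1.1
[Wed Jul 03 10:15:35.010003 2019] [core:error] [pid 1203] [client 203.0.113.5:40120] AH00126: Invalid URI in request GET /../../etc/passwd HTTP/1.1
[Wed Jul 03 10:16:02.000004 2019] [core:error] [pid 1203] [client 198.51.100.7:51000] AH00126: Invalid URI in request GET /../../etc/passwd HTTP/1.1
[Wed Jul 03 11:40:00.000005 2019] [core:error] [pid 1207] [client 198.51.100.7:51044] AH00126: Invalid URI in request GET /../../etc/passwd HTTP/1.1
[Wed Jul 03 11:41:00.000006 2019] [mpm_prefork:notice] [pid 1100] AH00163: Apache/2.4.38 (Ubuntu) configured -- resuming normal operations
""".splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Apache rejected these requests before they reached any application, so the output is a measure of log noise per source rather than evidence of a successful access.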