I’ve just deployed a barebones Apache server on Digital Ocean, only hosting static files. No PHP et al.
I’m not too bothered to see random exploit attempts, but 99% of the requests are of this similar format and I’d like to know what they are trying to do.
The source IP is always changing, but the GET resource request is the same, as well as the user-agent. My server is under a constant 30kB/s public inbound (sometimes peaking at around 80kB/s) from this type of request.
I have written a .htaccess and I regex the user-agent for ‘wget’, and direct the request to a 403. Very noob at this but I feel like that was possibly redundant.
18.104.22.168 - - 14/Feb/2021:09:10:07 +1100) "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.3.0 HTTP/1.1" 403 407 "-" "Wget/BTFLY/xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff
There is no index.php on my server, but I’m still curious nonetheless about how concerned I should be.
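An added example, not part of the original post: one way to confirm the pattern described above (one request line and user-agent arriving from many source IPs) is to group access-log entries by request and user-agent and count the distinct sources. The sample lines are constructed with documentation-range IPs, the user-agent is shortened to `Wget/BTFLY` as an assumption, and the function name `shared_requests` is hypothetical.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent".
# Quoted fields may contain backslash escapes (Apache escapes '"' and non-printable bytes).
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) (?:\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$')

# Constructed sample lines, modelled on the entry quoted in the post.
PROBE = "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.3.0 HTTP/1.1"
UA = "Wget/BTFLY"  # assumption: shortened form of the logged user-agent
SAMPLE_LOG = [
    f'192.0.2.10 - - [14/Feb/2021:09:10:07 +1100] "{PROBE}" 403 407 "-" "{UA}"',
    f'198.51.100.23 - - [14/Feb/2021:09:10:08 +1100] "{PROBE}" 403 407 "-" "{UA}"',
    f'203.0.113.5 - - [14/Feb/2021:09:10:09 +1100] "{PROBE}" 403 407 "-" "{UA}"',
    f'203.0.113.99 - - [14/Feb/2021:09:10:10 +1100] "{PROBE}" 403 407 "-" "{UA}"',
    f'192.0.2.10 - - [14/Feb/2021:09:10:11 +1100] "{PROBE}" 403 407 "-" "{UA}"',
    '192.0.2.77 - - [14/Feb/2021:09:11:02 +1100] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'truncated line with no quoted fields',
]

def shared_requests(lines, min_ips=3):
    """Group hits by (request line, user-agent); keep groups seen from >= min_ips sources."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set(), "statuses": set()})
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            skipped += 1  # count unparsable lines instead of silently dropping them
            continue
        ip, request, status, _referer, agent = m.groups()
        g = groups[(request, agent)]
        g["hits"] += 1
        g["ips"].add(ip)
        g["statuses"].add(status)
    rows = [{"request": req, "agent": ua, "hits": g["hits"],
             "distinct_ips": len(g["ips"]), "statuses": sorted(g["statuses"])}
            for (req, ua), g in groups.items() if len(g["ips"]) >= min_ips]
    rows.sort(key=lambda r: r["distinct_ips"], reverse=True)
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = shared_requests(SAMPLE_LOG)
    for r in rows:
        print(r["distinct_ips"], "IPs,", r["hits"], "hits,", r["statuses"], r["request"], "|", r["agent"])
    print("unparsed lines:", skipped)
```

To run it against a real log, pass the open file object (for example `open("access.log", errors="replace")`) in place of `SAMPLE_LOG`.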