Hi all,
I do no that the support area is not ment to ask basic admin questions. But I’m very concernd in regards of the security of my machine - so I would highly approucheade some help.
I run into some problems with my firefly app and to while searching for the cause I saw in the nginx-logs some foreign IP-adresses (checked it with an website). So my main question is: are entries in the /var/log/nginx/access.log showing login attempts or are this successfully logged in processes?
And if those are only attempts shouldn’t there be a fail2ban rule for them?
It really depends on what app exactly you are talking about and what’s exactly in the log …
It’s expected and fine that some foreign IP visit your website because of search-engine crawlers and bot and whatever (pretty much the equivalent of "yes, you bought a house, and people are walking in the street in front of your house, and some of the people are stopping to say “whoa, what a nice house” - no need to call the cops for that)
What’s worrysome is if there are actual login attempts and successful login attemps, but can’t really say much without having an actual piece of log …
Hi @Aleks
Thanks for the quick reply. Here are the actiall logs hastebin
My Ip adress is http://84.156.209.222 everything else is from africa, china or north-germany (I’m from the south)
Wokay and do you have some lines you’re concerned about in particular …? I can’t see anything particularly really suspicious (there a few “buggy” requests related to the ynh panel etc, it’s really noisy and we should fix it at some point, but that doesn’t really prevent things from working)