Hello, I have found strange requests in my server logs. I have not much experience how to handle this and if I should be worried and I guess this is fairly common.
The requests were like this:
this seem like some standard word press searching for known vulnerabilities, but also some serious remote executions.
I have Debian (patched regularly) with Nginx and some web apps under proxy if it helps. No wordpress or PHP from my part.
I have firewall set, but obviously I have some ports open.
1. Should I be worried?
2. How can I find if some damage was done?
3. How can I prevent these attacks? Get some blacklist and block them, ban that IP address?
4. Would it be useful for internet provider to let them known about time and IP address of those attempts? I know this want stop attackers…