why nodejs server receive a lot of unknown php/wordpress requests?

Question

i start my first project with nodejs on the production mode and published on the web. after that the server receive a lot of unknown [php, wordpress, ...],from different IP addresses requests like:

GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 200,

GET /?XDEBUG_SESSION_START=phpstorm 200,

POST /mifs/.;/services/LogService 404,

GET /console/ 200,

GET /_ignition/execute-solution 200,

POST /Autodiscover/Autodiscover.xml 404,

GET //login_sid.lua 200,

GET /wp2/ 200,

GET /new-site/ 200,

and last one was:

GET /.env 200!

is that mean, my .env secret file was stolen? A lot of requests was with 200 status!

and how to prevent or blok them?

Thanks

Answer 1

why nodejs server receive a lot of unknown php/wordpress requests?

PHP is a very popular programming language which has been used to write a lot of web applications, many of which have had security vulnerabilities.

Attackers take a scatter bomb approach to find sites to exploit and hammer sites with known exploits to see if they are running software vulnerable to those exploits.

If you aren't then you don't have anything to worry about.

is that mean, my .env secret file was stolen? A lot of requests was with 200 status!

We have no way of telling, from the information you've provided, what page your site is serving up for those URLs.

It's a 200 OK response so you are saying that something is there.

The easiest way to find out if that is your .env file is to request the URL yourself and look at the response.

and how to prevent or blok them?

Generally speaking, you don't need to worry about it, but you could write code so that when URLs which could only be exploit attempts are requested the IP gets blacklisted.