FastAPI is running on EC2. The service is published on 0.0.0.0/0 with a single Port number.

There are multiple accesses with directory names unrelated to its own service. What should I do in such a case?

Is this a common occurrence and is it something I should be concerned about?

CodePudding user response：

This type of traffic is perfectly normal on the Internet.

In fact, if you were to look at the logs on the network router in your home (which connects you to the Internet), you will see hundreds of such attempts every day.

These requests are coming from automated scripts ('bots') running on the Internet. They attempt to take advantage of known security vulnerabilities to gain access to your systems. This is why it is generally a good idea to keep software up-to-date and to limit the number of ports that are opened to the Internet.

WordPress sites are often targets of bots since people do not keep them updated. You will often see requests in your logs that are trying WordPress vulnerabilities, even though you are not running WordPress. The bots just try everything, everywhere!

For a web server, you need to open ports 80 (HTTP) and 443 (HTTPS), but any other ports should be kept closed, or perhaps only opened to a specific range of IP addresses (eg for your home/office).

What should you do?

• Only open ports that are strictly necessary, and limit the IP address range if possible
• Keep software updated
• Live with it -- it's a fact of life on the Internet