You’re not a “target” as much as you are “a thing that exists.” These aren’t targeted attacks.
That said, you can look into adding some additional measures to your webserver if you haven’t already, like dropping connections if a client requests a location they shouldn’t, like trying to access /admin, /…/…, /.env, and so on.
On nginx, it could be something like:
location ^/\.|)/admin|/login {
return 444;
}
Of course, that should be modified to match whatever application you’re actually using.
You’re not a “target” as much as you are “a thing that exists.” These aren’t targeted attacks.
That said, you can look into adding some additional measures to your webserver if you haven’t already, like dropping connections if a client requests a location they shouldn’t, like trying to access /admin, /…/…, /.env, and so on.
On nginx, it could be something like:
location ^/\.|)/admin|/login { return 444; }Of course, that should be modified to match whatever application you’re actually using.