I have a system running on symfony 3.4. Recently I get a lot of requests testing a list of urls like the following:
/.well-known/assetlinks.json /admin/ /data/admin/allowurl.txt /demo/downloader/index.php /demo/errors/503.php /demo/index.php/admin/ /demo/rss/catalog/notifystock /demo/rss/catalog/review /demo/rss/order/new /dev/downloader/index.php /dev/errors/503.php /dev/index.php/admin/ /dev/rss/catalog/notifystock /dev/rss/catalog/review /dev/rss/order/new [...]
They are coming from the same ip address, using python:
Ip: 220.127.116.11 User-agent: python-requests/2.9.1
My guess is that someone is trying the system to find access points to known vulnerabilities.
Now my solution to this problem would be to block that ip address from accessing any files on my server.
- Is that a good idea / solution?
- Does anyone have similar problems and knows a better solution / how to get rid of these calls?
- How can I implement an ip blocking in symfony 3.4?
Source: Symfony Questions