Suspicious Apache Status requests

Hello,

on new server I see lot of requests in "Server status" > "Apache status" with :

GET /logos/NEW%20LOGOS/usa%20cmt%20hd.png HTTP/1.1

on my.nameserver.com:80 (vhost)

What is it ? and how can I block these queries if there illegimate traffic ?

Thank you for you replies.
Eric

 

Thank you GOT

It's return 404

 

Thank you Got. I will try your solution.
Eric

 

The solution with CSF doesn't work directly.

I created a modsecurity rule based on this : mod security rules to block get requests by url

SecRule REQUEST_URI "/logos/NEW%20LOGOS/" "deny,id:18478,phase:1,status:411,msg:'logos'"

The IPs are blocked in CSF denylist and I have hundred IP in list and is growing up...

I don't know what is better :
- try to block this traffic
or
- nothing ?

Eric

 

Hello Michael and thank you for your reply !

The trouble (for me) is this traffic come to my.servername.com
There isn't script, website, on it.
cPanel recommendation (if I'm not mistaken) is that the subdomain should not be created for the name server on the server.

Exemple of request :

http/1.1 my.nameserver.com:80 GET /logos/NEW%20LOGOS/usa%20el%20ray%20network%20hd.png HTTP/1

All this traffic come from USA (and I can't block US country in CSF)

At this time I have 3020 IPs in my CSF denylist.
I don't know how much IPs is possible to block with CSF (server with 128 Go of ram)

With the modsecurity rule, I don't have load issue.

I hope this will stop by itself !

Eric

 

Hi Michael,

it's always different IP addresses.

Exemples :

- Removed no need here -

Thank you