Mass CONNECT Requests from Malicious Domains and IPs

I am hosting an NGINX server at home. I have two websites. My internet has been feeling a little slow recently, and I decided to tail my access.log.
I see many connect requests from suspicious domains, some having to do with proxies and others such as eBay or Amazon.
Some of these suspicious domains are

  • free.proxy-sale.com
  • chek.zennolab.com/proxy.php
  • ipinfo.io
  • steamseries88.com
    Do not forget these are likely malicious websites, do NOT click on them
    I recently switched to Linux. I was originally running an XAMPP server on Windows. I installed MalwareBytes on that machine, and it was blocking many requests.
    I am anxious about my server and hope that it is not being used for malicious intentions.
    What I’m looking for is
  • A way to stop the CONNECT requests
  • Decrease incoming traffic for how small my website is (700 visitors in the past 30 websites is far too much for how much I advertised it)
    If it helps at all with the issue, I am hosting a Minecraft server on port 25565 and a spacebar.chat instance.

Another thing I forgot to mention was I do have that built in Xfinity xfi “firewall stuff.” It recently blocked ~10 requests to malicious websites when I was still using Windows. I switched over to Linux and those requests have shrunk. I still see one warning with “Suspicious Site Visit,” which is still much lower than what I was receiving before.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.