Suspicious requests to my site

My site is primarily used as an email domain, with redirects to other sites via subdomains (such as a portfolio, etc.), so I should be getting little to no traffic. Recently I noticed a giant surge in requests coming from Russia, China, Vietnam, the US, etc. With this information, I’ve turned on bot protection, only allowing HTTPS requests, as well as temporarily redirecting my domain to a program that enables me to see individuals’ IPs and User-Agents.

Now, as I mentioned earlier, my site is only used for an email domain and redirects. These requests are being made to specific subdirectories and ports like “mysite.xyz:8080”, “mysite.xyz/wp-login.php”, etc., which is quite odd. The IPs don’t flag as bots either.

I’ve posted some images here if you’re interested.

Do y’all have any suggestions on what this could be, or what I could do to mitigate these requests? Thank you.

It may be that your Universal SSL certificate just renewed. That usually triggers a load of bots to make requests to a site, as certificate issuance is public and they pick up domains from there.

Cloudflare has extra ports open on the edge, so that’s why you are seeing those requests…

Paths like wp-login.php are used by WordPress and are often subject to exploits, so bots will try those to see if they exist, are exposed and vulnerable.

If you don’t have those paths, your server will just 404 for them, or you can block such requests with the WAF.

1 Like
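For a site that serves almost nothing, as in the question above, any request outside a short allowlist of real paths can be treated as unsolicited scanning. The following is an added example, not part of the original thread: it triages access-log lines that way and lists paths worth a WAF block rule. The allowlist, the Combined Log Format input and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only paths this site really serves (hypothetical allowlist).
KNOWN_PATHS = {"/", "/robots.txt"}

# Combined Log Format: ip, timestamp, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-login.php?redirect_to=x HTTP/1.1" 404 153 "-" "curl/8.0"
this line is truncated
""".splitlines()


def triage(lines, known_paths=KNOWN_PATHS):
    """Count requests for paths the site does not serve, per path and per client IP."""
    by_path, by_ip, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # keep a tally instead of silently dropping lines
            continue
        path = urlsplit(m["target"]).path or "/"  # ignore the query string
        if path in known_paths:
            continue
        by_path[path] += 1
        by_ip[m["ip"]] += 1
    return by_path, by_ip, unparsed


def block_candidates(by_path, min_hits=2):
    """Paths requested often enough to be worth a WAF block rule."""
    return sorted(p for p, n in by_path.items() if n >= min_hits)


if __name__ == "__main__":
    paths, ips, bad = triage(SAMPLE_LOG)
    print(dict(paths), dict(ips), bad, block_candidates(paths))
```
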
