I can confirm that my logs show the same thing. It's been happening for a short while now. Thank you very much for sharing your script. I have just been letting fail2ban deal with it but this is a better remedy I think.
Thank you again! -E
Warmest Regards, Eric
________________________________ From: arch-general email@example.com on behalf of Juha Kankare via arch-general firstname.lastname@example.org Sent: Tuesday, February 26, 2019 10:06:47 AM To: email@example.com Cc: Juha Kankare Subject: Re: [arch-general] HTTP spam from China
On 26/02/2019 14:40, Juha Kankare via arch-general wrote:
I'm getting a lot of connections from China it seems. Whenever I check my journalctl, it's an andless wall of nginx complaints about a single ip spamming requests fro different php files. This happens with hundreds of ip's, and tens of times daily. Has anyone else been hit by this. I already made a shellscript to block all connections from China, but I'm curious as to why this happens, and if anyone else has had the same problem.
Anyways, I fixed my problem via a combination of fail2ban and this script: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbbs.archli..., so it isn't a problem anymore