Have a small hobby Next.js 14 site. Sorting data I found 40,000 monthly 404s in the Vercel Usage tab. Looking at the Top Paths it’s obvious the site is being hit by bots trying to attack PHP files and WordPress directories. I have neither on the site.
I am new to firewall management and was wondering if I could get some tips or improvements on what I have done?
In Firewall Rules I have created 2 rules.
RequestPath → MatchesExpression → \.php$|\.php7$|\.aspx$
RequestPath → MatchesExpression → (wp-content|wp-admin|wp-login|wp_content|wp_login|wp_admin|cgi-bin|wp-includes|wp_includes|wp-trackback|wp-feed)
I did it this way because I noticed some bots were requesting /wp-content/ in the path without the php extension. Doing this I am able to deny approximately 1,000 requests a day.
I am asking for feedback on what to block because on the hobby plan I can only see the top 1,000 paths in the Usage tab. I don’t think there is any way for me to see a day’s worth of logs to look for attack vectors. The first 1,000 Top Paths is always flooded with PHP attacks because even though I am denying the requests they are still logged into Top Paths.
Essentially, I cannot identify any attack vectors beyond PHP/WordPress-based attacks to block.
Are there other attack vectors I should consider denying? I denied the .aspx extension in the rules because, I thought, surely there are bots attacking that extension. I have never seen it in the top paths though.
Thx,
earl
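An added example, not part of the original post: a small Node.js check that runs the two path expressions above against constructed request paths, to see what a deny rule would catch and which ordinary page routes it would also block. The sample paths, the segment-anchored variant of the second rule and the function names are assumptions made for illustration.

```javascript
// Rule 1 with escaped dots: "." then matches only a literal dot.
const RULE_EXT = /\.php$|\.php7$|\.aspx$/;
// Contrast: with unescaped dots, "." matches any character.
const RULE_EXT_UNESCAPED = /.php$|.php7$|.aspx$/;
// Rule 2 as posted: matches the names anywhere in the path.
const RULE_DIRS = /(wp-content|wp-admin|wp-login|wp_content|wp_login|wp_admin|cgi-bin|wp-includes|wp_includes|wp-trackback|wp-feed)/;
// Assumption: a variant that only matches the names at the start of a
// path segment, so they are not matched inside a page slug.
const RULE_DIRS_ANCHORED =
  /(^|\/)(wp[-_](content|admin|login|includes)|wp-trackback|wp-feed|cgi-bin)(\/|\.|$)/;

// Constructed sample paths: bot-style probes the rules should deny ...
const PROBES = [
  '/wp-login.php', '/wp-content/plugins/', '/cgi-bin/test',
  '/index.php7', '/default.aspx', '/blog/wp-admin',
];
// ... and routes a Next.js site could really serve, which must stay reachable.
const LEGIT = [
  '/', '/blog/why-php', '/blog/my-wp-admin-story',
  '/about', '/_next/static/chunk.js',
];

// A request is denied when any rule in the set matches its path.
function denied(path, rules) {
  return rules.some((rule) => rule.test(path));
}

// Report probes that slip through and legitimate routes that get blocked.
function audit(rules) {
  return {
    missed: PROBES.filter((p) => !denied(p, rules)),
    falsePositives: LEGIT.filter((p) => denied(p, rules)),
  };
}

console.log('escaped + as posted  :', audit([RULE_EXT, RULE_DIRS]));
console.log('unescaped + as posted:', audit([RULE_EXT_UNESCAPED, RULE_DIRS]));
console.log('escaped + anchored   :', audit([RULE_EXT, RULE_DIRS_ANCHORED]));
```

Replacing the LEGIT list with the site's real routes before changing a deny rule shows whether the new expression would block any of its own pages.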