A few months ago, I spun up an AWS EC2 instance to deploy this static blog on the EC2 instance for practice. It was in progress and I put the static files of this blog on the website, and until today, I hadn’t checked on the instance. Today, I accessed my EC2 instance to work on it and I noticed my nginx server had gone down:
systemctl status nginx
Then the following status appeared:
× nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Fri 2025-02-07 06:41:29 UTC; 2 days ago
Duration: 2month 9h 57min 51.127s
Docs: man:nginx(8)
Process: 257343 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
CPU: 5ms
To check why nginx failed, I accessed the /var/log/nginx/ directory and saw several access logs, including one log file that was created on the same day as the nginx server failure. To my surprise, the log was full of attempts to get any .env or configuration files in potential directory paths:
"GET /.env HTTP/1.1" 404
"GET /APPLICATION/.env HTTP/1.1" 404
"GET /BACKEND/.env HTTP/1.1" 404
# many more...
This is the first time I have actually seen evidence myself that there are bots and attackers trying to scan websites on the Internet. I have taken down my static websites for now and will look into the nginx configuration to ensure there is nothing important and to protect against future malicious requests.
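One way to triage a log like this, as an added example that is not part of the original post: the script groups dotfile requests by client IP and separates the ones the server actually served (2xx) from the 404s, since a served `.env` is what needs attention. The sample lines are constructed in nginx's default combined format with documentation-range IPs; the `.git/config` and `.well-known` lines, the user agents and the name `summarize_probes` are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx's default "combined" log format.
# IPs are from documentation ranges (RFC 5737); none come from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Feb/2025:06:12:01 +0000] "GET /.env HTTP/1.1" 404 162 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2025:06:12:01 +0000] "GET /APPLICATION/.env HTTP/1.1" 404 162 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2025:06:12:02 +0000] "GET /BACKEND/.env HTTP/1.1" 404 162 "-" "curl/8.5.0"
198.51.100.23 - - [07/Feb/2025:06:20:44 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Feb/2025:06:20:45 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.50 - - [07/Feb/2025:06:31:10 +0000] "GET /.git/config HTTP/1.1" 200 92 "-" "python-requests/2.31"
192.0.2.50 - - [07/Feb/2025:06:31:11 +0000] "\\x16\\x03\\x01" 400 166 "-" "-"
"""

# Combined format: ip, ident, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Any path segment starting with a dot (.env, .git, .aws, ...),
# except /.well-known/, which legitimate clients request.
SENSITIVE_RE = re.compile(r'/\.(?!well-known(?:/|$))[^/]+')


def summarize_probes(lines):
    """Return ({ip: {"paths": [...], "served": [...]}}, unparsed_count)."""
    report = defaultdict(lambda: {"paths": [], "served": []})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # e.g. binary junk sent to the HTTP port
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not SENSITIVE_RE.search(path):
            continue
        entry = report[m["ip"]]
        entry["paths"].append(path)
        if m["status"].startswith("2"):  # 2xx: the file was served
            entry["served"].append(path)
    return dict(report), unparsed


if __name__ == "__main__":
    report, unparsed = summarize_probes(SAMPLE_LOG.splitlines())
    for ip, entry in report.items():
        print(ip, len(entry["paths"]), "probes; served:", entry["served"] or "none")
    print("unparsed lines:", unparsed)
```

To run it against a real log, pass the lines of a file under /var/log/nginx/ to `summarize_probes` instead of the sample.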