All:
Just for information
I am seeing a lot of probing on servers I run publically for:
wordpress login page
dotfiles - (for non unix people those are files that start with a period
that do not show with ls unless you use -a)
e.g.
env
git
awscredentials
For the later if you run nginx as the gatekeeper you may find this
stanza useful
location ~ /\..* {
return 444;
}
It matches any dotfile and instructs nginx to just drop the connection
without responding at all. If you use letsencrypt you will have to also
use a match on
location /.well-known/acme-challenge {
to allow certificate renewal.