express http security amazon-ec2 http-error

How is it possible that HTTP calls get a 302, even though for me they are 404 calls?


I just checked the logs on one of my EC2 VMs and found a lot of calls, seemingly from a bot that checks for vulnerabilities via a Chinese IP address and some Microsoft Azure Cloud VM. I am running a Node.js Express application on that VM.

Can someone explain to me why those calls have 302 codes?

GET /phpmyadmin/ HTTP/1.1" 302 55
GET /.env HTTP/1.1" 302 47

For example, when I make the last request myself, the logs show me the following:

GET /.env HTTP/1.1" 404 33

I am a little paranoid, even though it's all in an open dev environment. I just found out that one of our junior devs committed an env file into the open dev environment, since gitignore only filtered for .env, not env, which is what the file was called because he forgot the dot.


Solution

  • After some more analysis I found out that the logs always show HTTP even though the call is placed with HTTPS.

    The bad bots seem to try to call those methods via HTTP; in my configuration such calls would normally be redirected to HTTPS by the nginx proxy.

    The bots are either too badly written to follow the redirect, or it is a measure against some anti-bot measures.
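
One way to check this explanation against your own logs, as an added example that is not part of the original post: the script groups requests per client, lists redirects that were never followed by a non-3xx request for the same path, and flags watched paths that returned a 2xx. The log format, the sample lines, the watch list and the function names are assumptions made for illustration.

```javascript
// Constructed sample lines in a common-log-style format (assumed; the page
// only shows the tail of each line). IPs are documentation addresses.
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Jan/2024:03:12:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 302 55',
  '203.0.113.7 - - [10/Jan/2024:03:12:02 +0000] "GET /.env HTTP/1.1" 302 47',
  '198.51.100.23 - - [10/Jan/2024:09:30:10 +0000] "GET /.env HTTP/1.1" 302 47',
  '198.51.100.23 - - [10/Jan/2024:09:30:10 +0000] "GET /.env HTTP/1.1" 404 33',
  '198.51.100.23 - - [10/Jan/2024:09:31:00 +0000] "GET /env HTTP/1.1" 200 212',
  'garbage line that does not parse',
];

const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3}) (\d+|-)/;
// Assumed watch list: paths that should never return content from this app.
const WATCHED = [/^\/\.?env\b/i, /^\/phpmyadmin\b/i];

function parseLine(line) {
  const m = LINE_RE.exec(line);
  return m ? { ip: m[1], method: m[2], path: m[3], status: Number(m[4]) } : null;
}

// Per client IP: which redirects were never followed, and which watched
// paths were answered with a 2xx (worth investigating immediately).
function classifyClients(lines) {
  const clients = new Map();
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue; // skip lines that do not match the assumed format
    const c = clients.get(r.ip) || { redirected: new Set(), followed: new Set(), exposed: [] };
    clients.set(r.ip, c);
    const key = `${r.method} ${r.path}`;
    if (r.status >= 300 && r.status < 400) c.redirected.add(key);
    else c.followed.add(key); // any final answer for this method and path
    const served = r.status >= 200 && r.status < 300;
    if (served && WATCHED.some((re) => re.test(r.path))) c.exposed.push(r.path);
  }
  const report = {};
  for (const [ip, c] of clients) {
    const unfollowed = [...c.redirected].filter((k) => !c.followed.has(k));
    report[ip] = { unfollowed, exposed: c.exposed };
  }
  return report;
}

console.log(JSON.stringify(classifyClients(SAMPLE_LOG), null, 2));
```

Clients are keyed by IP only, so several users behind one NAT address are merged into a single entry.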