When I check nginx access.log, unknown HEAD requests come in periodically

Question

First, I use the server environment:

1. sever: nginx + uwsgi + django app, docker + AWS ECS deploy
2. celery: rabbitmq ec2
3. cache: redis ec2

Answer 1

This is a very typical request pattern from the vulnerability scanning tool ZmEu. Long story short a hacker is running an automated tool that is trying to find a vulnerable installation of PHPMyAdmin on your system, to exploit it in order to gain root access to your system. It doesn't even matter that you don't have PHPMyAdmin on your system, they will still make requests just to test and see if you do because its cheap to do so, and if they do find something to exploit they can get into your server to steal data or use it for nefarious purposes.

Unfortunately this is just the cost of having a server on the internet, people are constantly running automated scanning tools against any server they can reach, trying to find ways to hack into it and take it over.