I check the Nginx error log file regularly. I noticed a lot of attempted accesses to favicon.ico coming from mainland China.

They come from different IP addresses and with different User Agents. Each of these IPs is only doing this, sometimes repeatedly.

They just waste my server’s time and CPU. How can I stop them or reduce the effect on my VPS?

At last I know why they do it and how to handle it.

Why do they do it?

There were some exploits recently that used a favicon file that was maliciously uploaded. Likely this bot is trying to see if the server or site has it.

There is also another possible reason. It may be from the GFW.

How to handle these requests?

I would like to just ignore them, or block them when the IP tries to access one of the following URLs.

/view/img/favicon.ico
/3/favicon.ico
/2/favicon.ico
/home/favicon.ico

Depending on the web server or the service you use, there are a lot of ways to do it.

Here is a sample Nginx config that drops the connection to /2/favicon.ico:

location = /2/favicon.ico {
    # 444 is Nginx-specific: close the connection without sending any response
    return 444;
}
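An added example, not from the original post: a Python script that reads Nginx error-log entries for missing files, lists the clients that requested nothing but favicon.ico under a subdirectory, and builds one `location = ... { return 444; }` block per probed path. The log lines are constructed samples with documentation-range IPs, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx's usual error_log format (documentation-range IPs).
SAMPLE_LOG = '''\
2024/05/01 10:00:01 [error] 812#812: *101 open() "/var/www/html/2/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7, server: example.com, request: "GET /2/favicon.ico HTTP/1.1", host: "example.com"
2024/05/01 10:00:09 [error] 812#812: *102 open() "/var/www/html/2/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7, server: example.com, request: "GET /2/favicon.ico HTTP/1.1", host: "example.com"
2024/05/01 10:02:30 [error] 812#812: *117 open() "/var/www/html/view/img/favicon.ico" failed (2: No such file or directory), client: 198.51.100.23, server: example.com, request: "GET /view/img/favicon.ico HTTP/1.1", host: "example.com"
2024/05/01 10:05:12 [error] 812#812: *130 open() "/var/www/html/home/favicon.ico" failed (2: No such file or directory), client: 192.0.2.44, server: example.com, request: "GET /home/favicon.ico HTTP/1.1", host: "example.com"
2024/05/01 10:05:13 [error] 812#812: *130 open() "/var/www/html/old-page.html" failed (2: No such file or directory), client: 192.0.2.44, server: example.com, request: "GET /old-page.html HTTP/1.1", host: "example.com"
2024/05/01 10:07:45 [error] 812#812: *141 open() "/var/www/html/x;y/favicon.ico" failed (2: No such file or directory), client: 198.51.100.99, server: example.com, request: "GET /x;y/favicon.ico HTTP/1.1", host: "example.com"
'''

# Only "file not found" entries, so a favicon that really exists is never listed.
LINE_RE = re.compile(r'\(2: No such file or directory\), client: (?P<ip>[0-9a-fA-F.:]+), '
                     r'.*?request: "[A-Z]+ (?P<path>\S+) HTTP/')
# favicon.ico below at least one directory; the site's own /favicon.ico never matches.
PROBE_RE = re.compile(r'^/.+/favicon\.ico$')
# Request paths are client-controlled: only plain characters may reach config text.
SAFE_RE = re.compile(r'^(?:/[A-Za-z0-9._-]+)+$')


def missing_file_requests(log_text):
    """Yield (client_ip, path) per 'No such file' entry, query string removed."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["path"].split("?", 1)[0]


def probe_only_clients(log_text):
    """Map each client whose logged misses are all favicon probes to its hit count."""
    paths_by_ip = defaultdict(list)
    for ip, path in missing_file_requests(log_text):
        paths_by_ip[ip].append(path)
    return {ip: len(p) for ip, p in paths_by_ip.items()
            if all(PROBE_RE.match(x) for x in p)}


def location_blocks(log_text):
    """Build exact-match 'return 444' blocks for probed paths that are safe to emit."""
    paths = {p for _, p in missing_file_requests(log_text)
             if PROBE_RE.match(p) and SAFE_RE.match(p)}
    return "\n".join(f"location = {p} {{\n    return 444;\n}}" for p in sorted(paths))


if __name__ == "__main__":
    print(probe_only_clients(SAMPLE_LOG))
    print(location_blocks(SAMPLE_LOG))
```

To use it on a real server, pass the text of the error log instead of SAMPLE_LOG and review the generated blocks before including them in the server configuration.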

 

David Yin

David is a blogger, geek, and web developer — founder of FreeInOutBoard.com.
