I check the Nginx error log file regularly. I noticed that a lot of attempted accesses to favicon.ico coming from mainland China.
They come from different IP addresses and with different User Agents. Each of these IPs is only doing this, sometimes repeatedly.
They are just waste my server’s time and CPU. How to stop them or reduce the effect on my VPS.
At the last I know why they do it and how to handle it.
Why they do it?
There were some exploits recently that used a favicon file that was maliciously uploaded. Likely this bot is trying to see if the server or site have it.
There is also another possible reason. It may from GFW.
How to handle these request?
I would like to just ignore them or block them when the IP try to access following URL.
/view/img/favicon.ico
/3/favicon.ico
/2/favicon.ico
/home/favicon.ico
Depend on the web server you use or the service you use, there are a lot of ways to do it.
Here is a sample of Nginx config to drop the connection to /2/favicon.ico
location = /2/favicon.ico { return 444; }