HACKER Q&A
📣 zffr

Is it normal to get 100-200 req/day to an un-launched side project?


For fun I've been working on a tiny side project [1]. I haven't told anyone about it yet, but I'm seeing about 100-200 random requests / day in my nginx logs (does not include traffic from me, or search engine bots).

Most of the traffic seems to be from dumb bots that keep trying the same few PHP exploits on my server over and over. Other traffic seems more custom and looks like it is from someone trying to "hack" into my server using known exploits on common platforms like Wordpress. A few requests look like genuine users stumbling across the website. One person even made an account!

Is this kind of traffic normal for an un-launched side project?

I was expecting my nginx logs to be completely empty except for the few requests I'm making for testing. I was very surprised to see this amount of traffic considering I've never posted the URL publicly. This is one of my first website side projects so I really have no baseline for what is normal.

[1] Here's the URL in case anyone is interested: https://wordz.io. I wonder if the extra traffic is because the domain name is relatively short and is a common mis-spelling of a common word. The project is just for fun, and not done yet.

  👤 rapnie Accepted Answer ✓
I'd say this is normal, but probably depends where you are hosted. E.g. IP address ranges belonging to AWS are heavily monitored (I had an idle nginx + docker + gitea EC2 hacked due to not updating for a while). Other software, like Wordpress, may notify other servers about blog posts you create, drawing organic traffic that way.