Malicious port scanners and automated CMS vulnerability scripts introduce heavy processing loads on public servers. This article demonstrates how to intercept and drop scanner probes statelessly using Express middleware.
Stateless Request Dropping
Instead of routing invalid/malicious scanner requests through templating pipelines or database lookups, our global Express middleware checks for known exploit strings (e.g. .php patterns, wp-admin probes, or xmlrpc endpoints). If detected, the request is immediately dropped, conserving server memory and CPU cycles:
app.use((req, res, next) => {
const path = req.path.toLowerCase();
if (path.endsWith('.php') || path.includes('/wp-admin') || path.includes('xmlrpc')) {
console.log(`Blocked scanner request: ${req.method} ${req.url}`);
return res.status(404).end(); // immediate socket close
}
next();
});
Operational Security Benefits
By handling bot mitigation directly at the application boundary, we guarantee that exploit scanners never exhaust node thread availability or saturate database connection pools. This stateless filtering maintains application availability for valid client traffic.
