I recently put up a VPS on Digital Ocean to run a Python API. It's running nginx which is directing the traffic for my site to a docker compose set of containers, namely an nginx container pointing to a python container. The server's only been up about a month, but I'm seeing a lot of bot traffic, trying to poke at common vulnerabilities (various Wordpress vulnerabilities, attempts to find .env files that are readable, etc). It's nothing insane, and all the attempts fail, since it's just exploratory and I don't have those common vulnerabilities on my setup, but I also don't know how to protect against it.

The main issue right now is it's making my logs useless, so I don't know when a bug is actually occurring. I know one thing I can/will be doing is splitting up my logs to be more readable, but what can I do/what can I learn to help minimize these exploratory requests? My first thought is block the IP addresses, but I know that will have little effect. Right now I'm passing every request (any URI that gets requested) that comes in to my python server, and I can limit that to help reduce, but then I have to be careful on that front as well (right now I'm just running an API, but I have other servers that run frontends). I'm more a backend and would love advice on how to proceed/learn some stuff for this side of server management.