Tip: avoid spam - rejetto/hfs GitHub Wiki

You may have found your error log filled with 404 errors about strange requests that seem like hacking attempts. Well, they are basically harmless, as they are bots (not humans) probing for bugs of other http softwares. It's cheap for them to just try, and they do it on every IP address, one by one, and so they get to you.

While this activity is hardly a security threat for your HFS server, you are better without, so you'll save CPU, bandwidth and you may even avoid a real attack if a security hole is discovered for HFS itself.

One easy way to avoid most of these requests, is enable "Accept requests only using domain".

This can be effective because the bots (normally) don't know your domain. It is even more effective if only a restricted group of people know your domain.

Another way to get less unwanted traffic is to not use standard ports, but uncommon high ports, a random number between 20000 and 65000.