Securing against scans [duplicate]

I have a VM which is exposed to the internet. I can see a lot of scans for /azenv.php, /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php and like in my server logs.

  1. How do I protect from these scans?
  2. Am I being targeted for a hack?
  3. Is this a concern at all?