spam - What do you do with Django SuspiciousOperations?
I've set up 2 Django apps in production, and set DEBUG=False for the first time ever.
I'm getting emails that errors have occurred - the errors so far are SuspiciousOperation errors, due to the fact that something/someone is hitting the site using the IP address rather than the URL. I do not have the IP address listed in ALLOWED_HOSTS, as I was never expecting to visit the site using this.
What is the normal thing to do in this situation? Should I be adding the IP address to the list of ALLOWED_HOSTS, and perchance missing an error when it is genuinely suspicious? Or is there a way to filter these out? What is normal practice here? I've been live for 2 days, and have 20 emails. Should I just live with it?
Some of the requests are from Shodan HQ bots, which worries me a little. Below is a list of the errors, and I put each REMOTE_ADDR into an incidents.org lookup to find more info, listed below. The 2 servers have similar IP addresses, which explains them being hit at the same time.
| Date-time | Server | Path | Remote addr | Name (incidents.org) |
|---|---|---|---|---|
| 24/06/2014 06:30 | server1 | / | 125.96.160.190 | Fibrlink Beijing Fibrlink Networks Co., Ltd., CN |
| 24/06/2014 22:05 | server1 | / | 66.240.236.119 | CariNet, Inc. - part of ShodanHQ botnet, perform net wide scans |
| 25/06/2014 01:25 | server2 | /myadmin/scripts/setup.php | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 01:25 | server2 | /myadmin/scripts/setup.php | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 01:25 | server2 | /pma/scripts/setup.php | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 01:25 | server2 | /phpmyadmin/scripts/setup.php | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 01:25 | server2 | /phpmyadmin/scripts/setup.php | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 01:25 | server2 | /muieblackcat | 108.175.157.140 | SoftLayer Technologies Inc. |
| 25/06/2014 03:20 | server2 | /manager/html | 58.215.94.3 | Chinanet-Backbone No.31, Jin-rong Street, CN |
| 25/06/2014 03:20 | server1 | /manager/html | 58.215.94.3 | Chinanet-Backbone No.31, Jin-rong Street, CN |
| 25/06/2014 05:59 | server2 | / | 23.99.101.155 | Microsoft Corporation |
| 25/06/2014 05:59 | server1 | / | 23.99.101.155 | Microsoft Corporation |
| 25/06/2014 07:40 | server2 | / | 202.53.8.82 | Beam Telecom Pvt Ltd, IN |
| 25/06/2014 09:08 | server1 | / | 198.20.69.74 | Microsoft Corporation |
| 25/06/2014 09:08 | server1 | / | 198.20.69.74 | Microsoft Corporation |
| 25/06/2014 09:08 | server1 | / | 198.20.69.74 | Microsoft Corporation |
| 25/06/2014 09:19 | server2 | / | 198.20.69.98 | SingleHop - scanner Shodan HQ |
| 25/06/2014 09:19 | server2 | /robots.txt | 198.20.69.98 | SingleHop - scanner Shodan HQ |
| 25/06/2014 10:43 | server2 | / | 198.133.224.185 | University of Wisconsin Madison |
| 25/06/2014 10:43 | server1 | /robots.txt | 198.133.224.185 | University of Wisconsin Madison |
First, it's OK. I wouldn't call such emails ‘false positives’—someone is scanning for vulnerabilities—but on the public internet such scanning happens all the time, so in your case these error reports are just noise.
Noise is an issue, though, since among it you may not notice more legitimate error reports in your inbox.
You can get rid of these emails by configuring your web server, or by updating to Django 1.7 (RC1 currently). In Django 1.7 these actions don't cause error 500, and are instead silently handled with response 400 (see the corresponding commit and ticket). (I manage a couple of production internal-use-only services, and we're updating our nginx configs to get rid of these emails.)
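One way to do the filtering the question asks about, as an added example (not code from the original post or from Django itself): a `logging.Filter` attached only to the handler that mails admins, so SuspiciousOperation reports stop reaching the inbox while any other handler still records them. `DropSuspiciousOperation`, `ListHandler` and `run_demo` are hypothetical names, the two logged errors are constructed, and the fallback exception class exists only so the block runs without Django installed.

```python
import logging

try:
    from django.core.exceptions import SuspiciousOperation
except ImportError:  # stand-in so the example runs without Django installed
    class SuspiciousOperation(Exception):
        pass

class DropSuspiciousOperation(logging.Filter):
    """Reject records caused by SuspiciousOperation; count what was dropped."""
    def __init__(self):
        super().__init__()
        self.dropped = 0

    def filter(self, record):
        exc = record.exc_info[1] if record.exc_info else None
        if isinstance(exc, SuspiciousOperation) or record.name.startswith("django.security"):
            self.dropped += 1
            return False  # this handler skips the record; other handlers still see it
        return True

class ListHandler(logging.Handler):
    """Stand-in for the admin-email handler: collects what would be mailed."""
    def __init__(self):
        super().__init__(level=logging.ERROR)
        self.mailed = []

    def emit(self, record):
        self.mailed.append(record.getMessage())

def run_demo():
    flt, handler = DropSuspiciousOperation(), ListHandler()
    handler.addFilter(flt)
    log = logging.getLogger("django.request")
    log.propagate = False
    log.addHandler(handler)
    try:
        for path, exc in [("/", SuspiciousOperation("Invalid HTTP_HOST header (constructed)")),
                          ("/orders/", ZeroDivisionError("constructed application bug"))]:
            try:
                raise exc
            except Exception:
                log.error("Internal Server Error: %s", path, exc_info=True)
    finally:
        log.removeHandler(handler)
    return handler.mailed, flt.dropped

if __name__ == "__main__":
    print(run_demo())
```

In a Django project the filter would be registered under `filters` in the `LOGGING` setting and listed on the `mail_admins` handler, leaving file or console handlers unfiltered so the scans remain visible in the logs.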