computers / alt.bbs.synchronet / Re: web server

web server

<624A4A7B.322.dove-syncdisc@DESKTOP-6RR7GOQ>

 by: Utopian Galt - Mon, 4 Apr 2022 01:31 UTC

4/3 06:28:31p 1996 Request: GET /sql/phpmyadmin4/index.php?lang=en HTTP/1.1
4/3 06:28:31p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:31p 1996 Session thread terminated (2 clients, 6 threads remain,
511 served)
4/3 06:28:31p 1996 HTTP connection accepted from: 188.166.240.83 port 49102
4/3 06:28:31p 1996 Request: GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1
4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:32p 1996 Session thread terminated (2 clients, 6 threads remain,
512 served)
4/3 06:28:32p 1996 HTTP connection accepted from: 188.166.240.83 port 49260
4/3 06:28:32p 1996 Request: GET /dbadmin/index.php?lang=en HTTP/1.1
4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:32p 1996 Session thread terminated (2 clients, 6 threads remain,
513 served)
4/3 06:28:32p 1996 HTTP connection accepted from: 188.166.240.83 port 49424
4/3 06:28:32p 1996 Request: GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:33p 1996 Session thread terminated (2 clients, 6 threads remain,
514 served)
4/3 06:28:33p 1996 HTTP connection accepted from: 188.166.240.83 port 49542
4/3 06:28:33p 1996 Request: GET /sql/myadmin/index.php?lang=en HTTP/1.1

How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?

That is the big takeaway.

---
■ Synchronet ■ Inland Utopia - iutopia.duckdns.org:2023
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

web server

<624A76F9.6570.sync@bbses.info>

 by: MRO - Mon, 4 Apr 2022 04:41 UTC

To: Utopian Galt
Re: web server
By: Utopian Galt to All on Sun Apr 03 2022 06:31 pm

>
> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
>
> That is the big takeaway.

get off the internet.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

web server

<624A7F6E.46660.sync@vert.synchro.net>

 by: Digital Man - Mon, 4 Apr 2022 05:17 UTC

To: Utopian Galt
Re: web server
By: Utopian Galt to All on Sun Apr 03 2022 06:31 pm

> 4/3 06:28:33p 1996 Request: GET /sql/myadmin/index.php?lang=en HTTP/1.1
>
> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
>
> That is the big takeaway.

Just ignore them. <shrug>
--
digital man (rob)

Sling Blade quote #10:
Morris: I stand on the hill, not for thrill, but for the breath of a fresh kill
Norco, CA WX: 57.1°F, 82.0% humidity, 3 mph SSE wind, 0.00 inches rain/24hrs
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

web server

<624A7D14.74516.sync@bbs.electronicchicken.com>

 by: echicken - Mon, 4 Apr 2022 10:07 UTC

To: Utopian Galt
Re: web server
By: Utopian Galt to All on Sun Apr 03 2022 18:31:39

UG> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?

UG> That is the big takeaway.

The more important question is whether these requests are causing a real, measurable problem for you.

This sort of traffic comes in waves. You'll see huge surges that last for a matter of hours and then die off for weeks or months. Your logs show your web server isn't exactly being taxed; it's handling a couple of requests per second and responding with 404. No big deal.

You can play whack-a-mole with these bots and add complexity to your setup if you really want to, but you can also just do nothing and it'll be fine.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624AEEFE.76507.dovenetsync@bbs.docksud.com.ar>

 by: Ragnarok - Mon, 4 Apr 2022 13:13 UTC

To: Utopian Galt
On 3/4/22 at 22:31, Utopian Galt wrote:
> 4/3 06:28:31p 1996 Request: GET /sql/phpmyadmin4/index.php?lang=en HTTP/1.1
> 4/3 06:28:31p 1996 !ERROR: 404 Not Found (line 3721)
> 4/3 06:28:31p 1996 Session thread terminated (2 clients, 6 threads remain,
> 511 served)
> 4/3 06:28:31p 1996 HTTP connection accepted from: 188.166.240.83 port 49102
> 4/3 06:28:31p 1996 Request: GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1
> 4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
> 4/3 06:28:32p 1996 Session thread terminated (2 clients, 6 threads remain,
> 512 served)
> 4/3 06:28:32p 1996 HTTP connection accepted from: 188.166.240.83 port 49260
> 4/3 06:28:32p 1996 Request: GET /dbadmin/index.php?lang=en HTTP/1.1
> 4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
> 4/3 06:28:32p 1996 Session thread terminated (2 clients, 6 threads remain,
> 513 served)
> 4/3 06:28:32p 1996 HTTP connection accepted from: 188.166.240.83 port 49424
> 4/3 06:28:32p 1996 Request: GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
> 4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
> 4/3 06:28:33p 1996 Session thread terminated (2 clients, 6 threads remain,
> 514 served)
> 4/3 06:28:33p 1996 HTTP connection accepted from: 188.166.240.83 port 49542
> 4/3 06:28:33p 1996 Request: GET /sql/myadmin/index.php?lang=en HTTP/1.1
>
> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
>
> That is the big takeaway.
>
> ---
> ■ Synchronet ■ Inland Utopia - iutopia.duckdns.org:2023

use fail2ban and block these connections

---
■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624AEF89.76508.dovenetsync@bbs.docksud.com.ar>

 by: Ragnarok - Mon, 4 Apr 2022 13:15 UTC

To: Digital Man
On 4/4/22 at 02:17, Digital Man wrote:
> Re: web server
> By: Utopian Galt to All on Sun Apr 03 2022 06:31 pm
>
> > 4/3 06:28:33p 1996 Request: GET /sql/myadmin/index.php?lang=en HTTP/1.1
> >
> > How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
> >
> > That is the big takeaway.
>
> Just ignore them. <shrug>

Can you add the client IP to the 404 error log? It will make it easy to
make a fail2ban filter.

---
■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624B9EA2.42135.dove-syncdisc@roughneckbbs.com>

 by: Tracker1 - Tue, 5 Apr 2022 01:42 UTC

To: Utopian Galt
On 4/3/22 18:31, Utopian Galt wrote:
> ... Request: GET /sql/phpmyadmin4/index.php?lang=en HTTP/1.1
> ... !ERROR: 404 Not Found (line 3721)
> ...
>
> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
>
> That is the big takeaway.

These are bots trying to see if you have various (potentially
compromisable) web applications on default ports... as long as you're
seeing 400 responses, you are fine... the 404 is basically a bugger off.

I wouldn't worry too much about them... You could create an
/error/404.ssjs to handle these with a custom response (I'm doing this
for a custom default.html and/or redirect), but it's probably not worth
the effort imo.

Alternatively, you could use a different webserver as a frontline
reverse proxy and configure those routes not to go to your BBS host...
this will make integration of TLS on your other services potentially
much more difficult though.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624BAFB3.46674.sync@vert.synchro.net>

 by: Digital Man - Tue, 5 Apr 2022 02:55 UTC

To: Ragnarok
Re: Re: web server
By: Ragnarok to Digital Man on Mon Apr 04 2022 10:15 am

> On 4/4/22 at 02:17, Digital Man wrote:
> > Re: web server
> > By: Utopian Galt to All on Sun Apr 03 2022 06:31 pm
>
> > > 4/3 06:28:33p 1996 Request: GET /sql/myadmin/index.php?lang=en HTTP/1.1
> > >
> > > How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
> > >
> > > That is the big takeaway.
>
> > Just ignore them. <shrug>
>
> Can you add the client IP to the 404 error log? It will make it easy to
> make a fail2ban filter.

Okay, I just added that. But I wouldn't recommend blocking any/every client that makes a bad HTTP request. You could have a bad link on your own web pages and be blocking a lot of honest to goodness users.
--
digital man (rob)

Synchronet/BBS Terminology Definition #37:
FTSC = FidoNet Technical Standards Committee
Norco, CA WX: 62.6°F, 71.0% humidity, 2 mph SE wind, 0.00 inches rain/24hrs
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624C34AB.76515.dovenetsync@bbs.docksud.com.ar>

 by: Ragnarok - Tue, 5 Apr 2022 12:23 UTC

To: Digital Man
On 4/4/22 at 23:55, Digital Man wrote:
>
> Okay, I just added that. But I wouldn't recommend blocking any/every client that makes a bad HTTP request. You could have a bad link on your own web pages and be blocking a lot of honest to goodness users.

I agree, I would only block if the same error occurs many times from the
same host

An idea would be to be able to add aliases with return code
example:

[ctrl/web_alias.ini]

/phpmyadmin* = return 403
/wp-admin* = return 403

etc...

I don't have wordpress or phpmyadmin so I can assume these are attacks
and identify and block them

---
■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
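
Added example (not part of the thread and not Synchronet code): one way to apply the rule discussed above, counting only 404s for software the host does not run and flagging a host only after several such hits in a short window. The log shape is taken from the excerpt in the first post; the sample lines, the path pattern, the threshold, the window, the year and the reading of the third log field as a connection identifier are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape as in the excerpt: "<m>/<d> <hh:mm:ss><a|p> <id> <message>".
# Assumption: the numeric third field identifies the connection being served.
LINE = re.compile(r"^(\d{1,2})/(\d{1,2}) (\d{2}):(\d{2}):(\d{2})([ap]) (\d+) (.*)$")
ACCEPT = re.compile(r"^HTTP connection accepted from: (\S+) port \d+$")
REQUEST = re.compile(r"^Request: \S+ (\S+) HTTP/[\d.]+$")
NOT_FOUND = re.compile(r"^!ERROR: 404 ")

# Paths of software this host does not run (assumption: tune per site).
PROBE = re.compile(r"^/(?:sql|db|dbadmin|wp-admin)(?:/|$)|myadmin", re.IGNORECASE)

# Constructed sample in the thread's format; addresses are documentation ranges.
SAMPLE_LOG = """\
4/3 06:28:31p 1996 Request: GET /sql/phpmyadmin4/index.php?lang=en HTTP/1.1
4/3 06:28:31p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:31p 1996 Session thread terminated (2 clients, 6 threads remain,
511 served)
4/3 06:28:31p 1996 HTTP connection accepted from: 203.0.113.7 port 49102
4/3 06:28:31p 1996 Request: GET /db/phpMyAdmin-5/index.php?lang=en HTTP/1.1
4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:32p 1996 HTTP connection accepted from: 203.0.113.7 port 49260
4/3 06:28:32p 1996 Request: GET /dbadmin/index.php?lang=en HTTP/1.1
4/3 06:28:32p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:28:32p 2004 HTTP connection accepted from: 198.51.100.20 port 51000
4/3 06:28:32p 2004 Request: GET /images/old-logo.gif HTTP/1.1
4/3 06:28:32p 2004 !ERROR: 404 Not Found (line 3721)
4/3 06:28:33p 1996 HTTP connection accepted from: 203.0.113.7 port 49424
4/3 06:28:33p 1996 Request: GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
4/3 06:28:33p 1996 !ERROR: 404 Not Found (line 3721)
4/3 06:40:00p 2010 HTTP connection accepted from: 192.0.2.9 port 40000
4/3 06:40:00p 2010 Request: GET /wp-admin/ HTTP/1.1
4/3 06:40:00p 2010 !ERROR: 404 Not Found (line 3721)
""".splitlines()


def parse_404s(lines, year=2022):
    """Yield (timestamp, ip, path) per 404, joined to its accept/request lines."""
    state = {}  # connection id -> {"ip": ..., "path": ...}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation such as "511 served)"
        mon, day, hh, mm, ss, ap, conn, msg = m.groups()
        hour = int(hh) % 12 + (12 if ap == "p" else 0)  # 12-hour clock to 24-hour
        ts = datetime(year, int(mon), int(day), hour, int(mm), int(ss))
        cur = state.setdefault(conn, {"ip": None, "path": None})
        if (a := ACCEPT.match(msg)):
            cur["ip"], cur["path"] = a.group(1), None
        elif (r := REQUEST.match(msg)):
            cur["path"] = r.group(1).split("?", 1)[0]  # drop the query string
        elif NOT_FOUND.match(msg) and cur["ip"] and cur["path"]:
            yield ts, cur["ip"], cur["path"]
            cur["path"] = None
        # A 404 whose accept line was never seen has no address and is skipped.


def find_scanners(lines, threshold=3, window=timedelta(minutes=1), year=2022):
    """Return {ip: sorted probe paths} for hosts with >= threshold probe 404s in window."""
    recent = defaultdict(deque)  # ip -> timestamps of probe 404s inside the window
    paths = defaultdict(set)     # ip -> every probe path seen from that host
    flagged = {}
    for ts, ip, path in parse_404s(lines, year):
        if not PROBE.search(path):
            continue  # ordinary broken link: never counts toward a block
        q = recent[ip]
        q.append(ts)
        paths[ip].add(path)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(paths[ip])
    return flagged


if __name__ == "__main__":
    for ip, hit_paths in find_scanners(SAMPLE_LOG).items():
        print(ip, hit_paths)
```

In the sample, the host that requested a missing image and the host with a single /wp-admin hit are both left alone; only the host that walked several admin-panel paths within a minute is returned.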

Re: web server

<624C35AF.76516.dovenetsync@bbs.docksud.com.ar>

 by: Ragnarok - Tue, 5 Apr 2022 12:27 UTC

To: echicken
On 4/4/22 at 07:07, echicken wrote:
> Re: web server
> By: Utopian Galt to All on Sun Apr 03 2022 18:31:39
>
> UG> How do I get people to GTFO out of /sql, /phpmyadmin, /db etc?
>
> UG> That is the big takeaway.
>
> The more important question is whether these requests are causing a real, measurable problem for you.
>
> This sort of traffic comes in waves. You'll see huge surges that last for a matter of hours and then die off for weeks or months. Your logs show your web server isn't exactly being taxed; it's handling a couple of requests per second and responding with 404. No big deal.
>
> You can play whack-a-mole with these bots and add complexity to your setup if you really want to, but you can also just do nothing and it'll be fine.
>

It doesn't bother me that the disk fills up with 404 logs because
logrotate exists.
The worst problem is CPU usage.
Those requests increase the sbbs process from 5% to 50% sometimes.

---
■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: web server

<624CF1D3.46686.sync@vert.synchro.net>

 by: Digital Man - Wed, 6 Apr 2022 01:50 UTC

To: Ragnarok
Re: Re: web server
By: Ragnarok to Digital Man on Tue Apr 05 2022 09:23 am

> On 4/4/22 at 23:55, Digital Man wrote:
>
> > Okay, I just added that. But I wouldn't recommend blocking any/every client
> > that makes a bad HTTP request. You could have a bad link on your own web
> > pages and be blocking a lot of honest to goodness users.
>
> I agree, I would only block if the same error occurs many times from the
> same host
>
> An idea would be to be able to add aliases with return code
> example:
>
> [ctrl/web_alias.ini]
>
> /phpmyadmin* = return 403
> /wp-admin* = return 403

I'm not sure. Ask Deuce in #synchronet.
--
digital man (rob)

Breaking Bad quote #37:
only the very best... with just a right amount of dirty. - Saul
Norco, CA WX: 73.9°F, 56.0% humidity, 4 mph ESE wind, 0.00 inches rain/24hrs
--- Synchronet 3.19c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
