This showed up in my log today:
== snip ==
2005/11/03 16:42:09 HTTP INFO 71.99.213.111 - SEARCH /ÉÉÉÉÉ == snip == ‹ù2ÀþÀò®ÿç HTTP/1.1
2005/11/03 16:42:35 HTTP INFO 71.99.213.111 - POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1
2005/11/03 17:04:23 HTTP INFO 68.142.251.27 - GET /robots.txt HTTP/1.0
2005/11/03 17:04:24 HTTP INFO 68.142.249.45 - GET / HTTP/1.0
2005/11/03 18:59:25 HTTP INFO 69.64.32.73 - GET /cacti/graph_image.php HTTP/1.1
2005/11/03 19:02:46 HTTP INFO 69.64.32.73 - GET /ttp://71.99.100.12/cacti/graph_view.php?action="" HTTP/1.0
2005/11/03 19:02:46 INFO Traceback (most recent call last):
  File "e:\python\lib\site-packages\cherrypy-2.1.0-py2.4.egg\cherrypy\_cphttptools.py", line 271, in run
    main()
  File "e:\python\lib\site-packages\cherrypy-2.1.0-py2.4.egg\cherrypy\_cphttptools.py", line 502, in main
    body = page_handler(*args, **cherrypy.request.paramMap)
  File "f:\downloads\dev\python\web\turbogears\svn\turbogears\controllers.py", line 182, in newfunc
    output = func(self, *args, **kw)
TypeError: default() got an unexpected keyword argument 'action'
== snip ==
Note1: First address is my ISP (Verizon). Second two are Inktomi (Yahoo search). Last two are some company called Level3 (looking into them, but most likely a colocated box hit me).
Note2: the first line has been truncated - it was several hundred bytes of binary.
OK, several issues:
1) This LOOKS like an intrusion attempt. Why Verizon (the address resolves to one of the main servers in Reston, VA) would be doing this sort of thing is beyond me. On the other hand, I am a total HTTP rube, so it might be far less than that - any grizzle-bearded sysadmins have any ideas? Was this an indexing hit?
2) Looks also like whoever it was was trying to connect up to some Front Page extensions on my machine, which I most assuredly do NOT use and never intend to (g), but again maybe it's less sinister than I think it is.
3) In attempting to recreate a couple of the URLs that were probed, I noticed that my 404 page (defined in my Root object) did not have access to my style sheets or images pointed to by my /static settings. So I need to figure out how to make that work better.
4) The log doesn't appear to indicate what the result code was that the server sent back - I assume 404 for all the bogus URLs, but it's hard to say. Shouldn't that be part of what is logged? This information IS shown in the shell window if I have logToScreen set to True (which I do).
5) The request /ttp://71.99.100.12/cacti/graph_view.php?action="" caused an exception. Is there some way to avoid this and force either a truncation of parameters or redirect to a 404 page? Is this something I should write into my Root class or is it something that TG/CP/whatever should be handling more gracefully (my vote is the latter but I am definitely new to this app so ...)
5a) I can add a **kwargs argument to my default() method - would that be the best way to handle #5?
6) Viewing the log brings to mind the question - is there a way to control the logging (other than turning it on and off) via config file?
i.e. it looks like the python logging module is being used, and that can be controlled to only show certain kinds of output. Is this control tied into the config system?
--
"Things fall apart. The Center cannot hold."
- Life as a QA geek, in a nutshell.
Best,
Jeff
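
A first-pass triage over a log in the format quoted in the post, added here as an example; it is not part of the original message and not TurboGears or CherryPy code. It works from the request line alone, since this log carries no status code. The sample lines, the documentation addresses, and the EXPECTED_METHODS and FOREIGN_EXT lists are assumptions.

```python
import re
from collections import defaultdict

# Entry shape from the excerpt: date, time, "HTTP INFO", client, "-", request line.
ENTRY = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) HTTP INFO\s+"
                   r"(?P<ip>\S+) - (?P<method>\S+) (?P<target>.*) HTTP/\d\.\d$")
EXPECTED_METHODS = {"GET", "HEAD", "POST"}               # assumption: what this app serves
FOREIGN_EXT = re.compile(r"\.(dll|php|asp|exe)$", re.I)  # assumption: never served here

# Constructed sample modelled on the excerpt (documentation addresses, short binary run).
SAMPLE = '''\
2005/11/03 16:42:09 HTTP INFO 192.0.2.10 - SEARCH /\xc9\xc9\xc9\xc9 HTTP/1.1
2005/11/03 16:42:35 HTTP INFO
192.0.2.10 - POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1
2005/11/03 17:04:23 HTTP INFO
198.51.100.7 - GET /robots.txt HTTP/1.0
2005/11/03 19:02:46 HTTP INFO
203.0.113.5 - GET /ttp://192.0.2.99/cacti/graph_view.php?action="" HTTP/1.0
2005/11/03 19:02:46 INFO Traceback (most recent call last):
'''.splitlines()

def join_wrapped(lines):
    """Re-attach entries whose request line was wrapped after 'HTTP INFO'."""
    out = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if out and out[-1].endswith("HTTP INFO"):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def flags_for(method, target):
    """Reasons a request line deserves a closer look; no status code is needed."""
    path = target.split("?", 1)[0]
    reasons = []
    if method not in EXPECTED_METHODS:
        reasons.append("unexpected method " + method)
    if any(not 32 <= ord(c) < 127 for c in target):
        reasons.append("non-printable or non-ASCII bytes in target")
    if "://" in path:
        reasons.append("absolute URL embedded in path")
    if FOREIGN_EXT.search(path):
        reasons.append("extension this app never serves")
    return reasons

def triage(lines):
    """Map client address -> [(timestamp, reasons)] for flagged requests only."""
    hits = defaultdict(list)
    for entry in join_wrapped(lines):
        m = ENTRY.match(entry)  # traceback lines do not match and are skipped
        if m and (reasons := flags_for(m["method"], m["target"])):
            hits[m["ip"]].append((m["ts"], reasons))
    return dict(hits)
```

Calling `triage(SAMPLE)` groups the flagged requests by client, leaving out the crawler fetch of /robots.txt.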

