*About the exploit*There is an exploit is was happening. I thought they were related to a web2py app on Apache, but I'm sure any more. What is happening is that another web server keeps getting this type of requests from a server I'm working on. This keeps happening although the ports 80 and 443 (and almost all other ports) for outbound traffic of the servers are closed. ModProxy is disabled.
server.ip - - [ -0500] "GET /index.php?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 7792 "-" "Mozilla/4.76 [en] (Win98; U)" I did find some suspicious apache logs which made me think it was related to a web2py app: 213.152.162.134 - - [23/Feb/2016:22:32:19 +0100] "GET http://stream-full.selfip.com:8000/get.php?username=anonyme1520091ef3&password=anonyme1520091ef3&type=m3u&output=mpegts&1=anonyme1520091ef 3 HTTP/1.0" 400 804 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3" 185.25.148.240 - - [24/Feb/2016:14:38:31 +0100] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 404 267 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0" 213.152.162.134 - - [24/Feb/2016:19:44:56 +0100] "GET http://stream-full.selfip.com:8000/get.php?username=whatisashelly&password=whatisashelly&type=m3u&output=mpegts&1=whatisashelly HTTP/1.0" 500 1091 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" I did not wish to say that web2py has any specific issues, but rather to learn about potential and perhaps common mistakes people do when creating web2py or wsgi apps. Though this might as well be related to a php site or something else completely. *About naming this thread*When I wrote the name I thought it was related to one of my web2py apps, although it would probably be me who is responsible. Though I see what you mean *Anthony*, and I only wish to support web2py, as I find it to be the very best framework for creating server side web appplications. And I do not have any logs of the chat. *About why I use apache*You are right of course Niphlod. The full story is just that I had a working setup with Apache without any issues, so I was focusing on app development and not choosing web servers. It worked very well so far in the context, and it's not really important to discuss this any further. I have my reasons for why things are like they are, and of course I can move to nginx. Thanks for your replies so far! - Robin Den torsdag 25 februari 2016 kl. 23:20:34 UTC+2 skrev Anthony: > > > Perhaps the question was ill posed, but not knowing the true role of wsgi >> I don't know how I could have posted it differently. >> > > I'd say if you don't really have an understanding of an issue, avoid > definitive, sensational headlines like "Preventing hackers from exploiting > web2py with wsgi", as that makes it sound like this is a proven exploit in > need of prevention. Instead, maybe something like, "Question about possible > WSGI security issue." The reason for aiming to be more circumspect is that > this is a public forum, and so anything negative posted here, even if > untrue or misinformed, can quickly spread as FUD on the internets. > > Also, it sounds like you believe you might be experiencing a current > exploit. If that's the case, it would be better to present details and > evidence about your concern. > > Anthony > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
