I think you have a script somewhere that calls this ip and main.php on that server ..
Do you add any third party addons both on frontend and backend ?? On Sun, 3 May 2020, 11:31 pm Miracle, <collinsale...@gmail.com> wrote: > I think the possible attacker thinks I am using PHP > > On Sun, 3 May 2020, 10:29 pm Miracle, <collinsale...@gmail.com> wrote: > >> I don't know honestly. >> >> I got those error messages because I included my email and username in >> settings.py like this >> >> ADMINS = ['username', 'collinsale...@gmail.com'] >> >> On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <trapper...@gmail.com> wrote: >> >>> What is the script main.php ??? >>> >>> On Sun, 3 May 2020, 10:43 pm Miracle, <collinsale...@gmail.com> wrote: >>> >>>> Hello django developers, >>>> >>>> I might be experiencing a possible attack on my web server, but I am >>>> not sure yet. >>>> Below is the email I got from my django. >>>> I've gotten over 50 similar emails over the past 3 days. >>>> >>>> Please, help me with this. >>>> >>>> >>>> Invalid HTTP_HOST header: '35.192.28.182'. You may need to add >>>> '35.192.28.182' to ALLOWED_HOSTS. >>>> >>>> Report at /SQlite/main.php >>>> >>>> Invalid HTTP_HOST header: '35.192.28.182'. You may need to add >>>> '35.192.28.182' to ALLOWED_HOSTS. >>>> >>>> Request Method: GET >>>> Request URL: https://35.192.28.182/SQlite/main.php >>>> >>>> Django Version: 2.2.8 >>>> Python Executable: /home/hello/wsp/env/bin/python3 >>>> Python Version: 3.6.9 >>>> Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', >>>> '/usr/lib/python36.zip', '/usr/lib/python3.6', >>>> '/usr/lib/python3.6/lib-dynload', >>>> '/home/hello/wsp/env/lib/python3.6/site-packages'] >>>> Server time: Sun, 3 May 2020 19:22:55 +0000 >>>> Show quoted text >>>> HTTP_ACCEPT = >>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' >>>> HTTP_ACCEPT_ENCODING = 'gzip, deflate, br' >>>> HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7' >>>> HTTP_CONNECTION = 'close' >>>> HTTP_COOKIE = >>>> 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; >>>> sessionid=mbmg0dvoz2tebman7ereia9eue59wto7' >>>> HTTP_HOST = '35.192.28.182' >>>> HTTP_SAVE_DATA = 'on' >>>> >>>> HTTP_SEC_FETCH_DEST = 'document' >>>> HTTP_SEC_FETCH_MODE = 'navigate' >>>> HTTP_SEC_FETCH_SITE = 'none' >>>> HTTP_UPGRADE_INSECURE_REQUESTS = '1' >>>> HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) >>>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile >>>> Safari/537.36' >>>> HTTP_X_FORWARDED_FOR = '197.211.61.210' >>>> HTTP_X_FORWARDED_PROTO = 'https' >>>> HTTP_X_REAL_IP = '197.211.61.210' >>>> PATH_INFO = '/SQlite/main.php' >>>> QUERY_STRING = '' >>>> RAW_URI = '/SQlite/main.php' >>>> REMOTE_ADDR = '' >>>> REQUEST_METHOD = 'GET' >>>> SCRIPT_NAME = '' >>>> SERVER_NAME = '35.192.28.182' >>>> SERVER_PORT = '443' >>>> SERVER_PROTOCOL = 'HTTP/1.0' >>>> SERVER_SOFTWARE = 'gunicorn/20.0.4' >>>> gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, >>>> type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock> >>>> wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at >>>> 0x7f20fa4288d0> >>>> wsgi.file_wrapper = '' >>>> wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0> >>>> >>>> >>>> >>>> >>>> kind regards*,* >>>> >>>> Miracle. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to django-users+unsubscr...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-users+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com > <https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.
