Okay, I will do all those.
Thank you so much. I appreciate. On Mon, 4 May 2020, 1:26 am Motaz Hejaze, <trapper...@gmail.com> wrote: > check the log file , what are the acts that invokes the call to those > links ???? > example , logging in ? upload an image ? any act > > also try to check if there is a malicious script installed on your server > , > > take a peace from the text above and search for it .. > > Example: > > grep -lR "/sqlitemanager/main.php" /home > > replace /home with the location of your files ..and replace the string by > anything from the error message above > > On Mon, May 4, 2020 at 1:24 AM Ahmed Ishtiaque <ahmedisht...@gmail.com> > wrote: > >> Observe how your server responds to these requests. Sometimes these >> requests are sent by attackers hoping that your server might respond with >> sensitive data that it shouldn't be sending. Generally, ensuring that >> invalid requests end up with your server sending error responses and not >> actual sensitive data that your database has is all you need to do. >> >> Hope this helps. >> >> On Sun, May 3, 2020 at 6:51 PM Miracle <collinsale...@gmail.com> wrote: >> >>> I do not know of any script like that. >>> Atleast, I didn't write any. >>> >>> A get these calls on the following paths: >>> >>> /sqlite/main.php, >>> /robots.txt, >>> /, >>> /owa/auth/logon.aspx, >>> /cgi-bin/config.exp, >>> /HNAP1/, >>> /hudson/script, >>> /script, >>> /sqlitemanager/main.php, >>> /SQLiteManager/main.php, >>> /SQLite/main.php, >>> /main.php, >>> /test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php, >>> /favicon.co >>> >>> >>> Please, what could be the problem? >>> >>> >>> >>> >>> >>> On Sun, 3 May 2020, 11:03 pm Motaz Hejaze, <trapper...@gmail.com> wrote: >>> >>>> I think you have a script somewhere that calls this ip and main.php on >>>> that server .. >>>> >>>> Do you add any third party addons both on frontend and backend ?? >>>> >>>> >>>> On Sun, 3 May 2020, 11:31 pm Miracle, <collinsale...@gmail.com> wrote: >>>> >>>>> I think the possible attacker thinks I am using PHP >>>>> >>>>> On Sun, 3 May 2020, 10:29 pm Miracle, <collinsale...@gmail.com> wrote: >>>>> >>>>>> I don't know honestly. >>>>>> >>>>>> I got those error messages because I included my email and username >>>>>> in settings.py like this >>>>>> >>>>>> ADMINS = ['username', 'collinsale...@gmail.com'] >>>>>> >>>>>> On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <trapper...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> What is the script main.php ??? >>>>>>> >>>>>>> On Sun, 3 May 2020, 10:43 pm Miracle, <collinsale...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello django developers, >>>>>>>> >>>>>>>> I might be experiencing a possible attack on my web server, but I >>>>>>>> am not sure yet. >>>>>>>> Below is the email I got from my django. >>>>>>>> I've gotten over 50 similar emails over the past 3 days. >>>>>>>> >>>>>>>> Please, help me with this. >>>>>>>> >>>>>>>> >>>>>>>> Invalid HTTP_HOST header: '35.192.28.182'. You may need to add >>>>>>>> '35.192.28.182' to ALLOWED_HOSTS. >>>>>>>> >>>>>>>> Report at /SQlite/main.php >>>>>>>> >>>>>>>> Invalid HTTP_HOST header: '35.192.28.182'. You may need to add >>>>>>>> '35.192.28.182' to ALLOWED_HOSTS. >>>>>>>> >>>>>>>> Request Method: GET >>>>>>>> Request URL: https://35.192.28.182/SQlite/main.php >>>>>>>> >>>>>>>> Django Version: 2.2.8 >>>>>>>> Python Executable: /home/hello/wsp/env/bin/python3 >>>>>>>> Python Version: 3.6.9 >>>>>>>> Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', >>>>>>>> '/usr/lib/python36.zip', '/usr/lib/python3.6', >>>>>>>> '/usr/lib/python3.6/lib-dynload', >>>>>>>> '/home/hello/wsp/env/lib/python3.6/site-packages'] >>>>>>>> Server time: Sun, 3 May 2020 19:22:55 +0000 >>>>>>>> Show quoted text >>>>>>>> HTTP_ACCEPT = >>>>>>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' >>>>>>>> HTTP_ACCEPT_ENCODING = 'gzip, deflate, br' >>>>>>>> HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7' >>>>>>>> HTTP_CONNECTION = 'close' >>>>>>>> HTTP_COOKIE = >>>>>>>> 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; >>>>>>>> sessionid=mbmg0dvoz2tebman7ereia9eue59wto7' >>>>>>>> HTTP_HOST = '35.192.28.182' >>>>>>>> HTTP_SAVE_DATA = 'on' >>>>>>>> >>>>>>>> HTTP_SEC_FETCH_DEST = 'document' >>>>>>>> HTTP_SEC_FETCH_MODE = 'navigate' >>>>>>>> HTTP_SEC_FETCH_SITE = 'none' >>>>>>>> HTTP_UPGRADE_INSECURE_REQUESTS = '1' >>>>>>>> HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) >>>>>>>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile >>>>>>>> Safari/537.36' >>>>>>>> HTTP_X_FORWARDED_FOR = '197.211.61.210' >>>>>>>> HTTP_X_FORWARDED_PROTO = 'https' >>>>>>>> HTTP_X_REAL_IP = '197.211.61.210' >>>>>>>> PATH_INFO = '/SQlite/main.php' >>>>>>>> QUERY_STRING = '' >>>>>>>> RAW_URI = '/SQlite/main.php' >>>>>>>> REMOTE_ADDR = '' >>>>>>>> REQUEST_METHOD = 'GET' >>>>>>>> SCRIPT_NAME = '' >>>>>>>> SERVER_NAME = '35.192.28.182' >>>>>>>> SERVER_PORT = '443' >>>>>>>> SERVER_PROTOCOL = 'HTTP/1.0' >>>>>>>> SERVER_SOFTWARE = 'gunicorn/20.0.4' >>>>>>>> gunicorn.socket = <socket.socket fd=9, >>>>>>>> family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, >>>>>>>> laddr=/home/hello/wsp/app.sock> >>>>>>>> wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at >>>>>>>> 0x7f20fa4288d0> >>>>>>>> wsgi.file_wrapper = '' >>>>>>>> wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> kind regards*,* >>>>>>>> >>>>>>>> Miracle. >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Django users" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to django-users+unsubscr...@googlegroups.com. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com >>>>>>>> <https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Django users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to django-users+unsubscr...@googlegroups.com. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com >>>>>>> <https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Django users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to django-users+unsubscr...@googlegroups.com. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to django-users+unsubscr...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-users+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com >>> <https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/CAKizqR7pmO4LmDN1UPCUag_t1sb-4gvihyQhUACLsA1GbyuBPg%40mail.gmail.com >> <https://groups.google.com/d/msgid/django-users/CAKizqR7pmO4LmDN1UPCUag_t1sb-4gvihyQhUACLsA1GbyuBPg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CAHV4E-cw7rZLVFStWHtrm4y_AH5rNDUknQsQW95zZ6ZWDvHT%2Bw%40mail.gmail.com > <https://groups.google.com/d/msgid/django-users/CAHV4E-cw7rZLVFStWHtrm4y_AH5rNDUknQsQW95zZ6ZWDvHT%2Bw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jANJd%3DPvSAd_4zt5oE4o0nKOaxv27qjBUwAJm3LevMTJg%40mail.gmail.com.
