Ok, thank you all for your kind responses! I think I have what I need from the web2py community, and I will resolve the issue with the information provided.
If it's possible to change the name of this thread, I do not mind doing so, as for what Anthony suggested:
https://www.lowendtalk.com/discussion/69248/bitninja-abuse-reports

On Friday, 26 February 2016 at 18:05:45 UTC+1, Anthony wrote:
>
> On Friday, February 26, 2016 at 10:57:19 AM UTC-5, Robin Manoli wrote:
>>
>>> So, is the above log entry from the *other* server (i.e., not the one you control)? I presume the "server.ip" value is the IP address of your server, hence the belief that this request is coming from your server, correct? If so, how did you get this log entry? Did the owner of the server contact you and provide it? Did they request any information from you? Can you trust that this is real (as opposed to a social engineering attempt)?
>>
>> Yes, this was the entry from the other server. The report of the entry was sent to the VPS provider by bitninja.io, and the VPS provider forwarded it to me asking for a solution. Bitninja didn't ask for anything else than those logs I posted here, and they said pretty much the same thing about attempting proxy requests. They seem trustable to me, although I don't see how these requests from my server keep happening on port 80 on that server after I blocked it for outgoing traffic.
>
> Note, Bitninja sells server security services (i.e., they have an interest in convincing you that you've got a vulnerability so you will buy their services). A lot of folks seem to think they generate fake reports as a marketing scam -- see:
>
> https://www.lowendtalk.com/discussion/69911/hukot-net-and-bitninja-io
> https://www.lowendtalk.com/discussion/69248/bitninja-abuse-reports
>
> Also, on their home page <https://bitninja.io/>, both the counter and the "live" list of "attacks" are fake -- generated client-side via JavaScript (no live updates from the server).
>
> I'm not sure if they sent you more details, but I notice the alleged server log record from them does not include the timestamp, and it does not appear they gave you the host name or IP address of the allegedly attacked server. This means there is no way for you to correlate their alleged records with your own logs (i.e., you cannot match the external host/ip nor the time of the request). They have sent you a very generic and common type of attack, so it may be likely that you would have a matching request in your logs just by chance (and if you don't, all the more reason to doubt them).
>
> If you think they're for real, tell them you at least want to see timestamps -- if you don't see a matching request in your logs around the same time, I would highly doubt their reports are real.
>
> Anthony
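
The correlation check described in the quoted message, as an added example that is not part of the original thread: it matches an abuse-report entry against a server's own outbound-connection log by destination and time window. The log format, field names, IP addresses and timestamps are all constructed for illustration, and report timestamps are assumed to be normalised to UTC.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample of a server's own outbound-connection log (hypothetical format).
EGRESS_LOG = """\
2016-02-26T09:14:02Z OUT dst=198.51.100.7 dport=443
2016-02-26T09:58:40Z OUT dst=203.0.113.10 dport=80
2016-02-26T13:30:15Z OUT dst=198.51.100.7 dport=80
"""

LINE = re.compile(r"^(\S+) OUT dst=(\S+) dport=(\d+)$")

def parse_ts(text):
    """Parse an ISO 8601 UTC timestamp such as 2016-02-26T09:58:40Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_egress(log_text):
    """Return (timestamp, dst_ip, dst_port) for each well-formed line."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((parse_ts(m.group(1)), m.group(2), int(m.group(3))))
    return events

def correlate(report, events, window=timedelta(minutes=5)):
    """Classify one abuse-report entry against our own egress events."""
    # Without a time and a destination there is nothing to match on.
    if not report.get("timestamp") or not report.get("dst_ip"):
        return "uncorrelatable", []
    when = parse_ts(report["timestamp"])
    port = report.get("dport")
    hits = [e for e in events
            if e[1] == report["dst_ip"]
            and (port is None or e[2] == port)
            and abs(e[0] - when) <= window]  # window absorbs clock skew
    return ("match" if hits else "no_match"), hits

if __name__ == "__main__":
    events = parse_egress(EGRESS_LOG)
    reports = [  # constructed report entries
        {"dport": 80},  # no timestamp, no destination
        {"timestamp": "2016-02-26T10:00:05Z", "dst_ip": "203.0.113.10", "dport": 80},
        {"timestamp": "2016-02-26T18:00:00Z", "dst_ip": "203.0.113.10", "dport": 80},
    ]
    for r in reports:
        print(r, "->", correlate(r, events)[0])
```

Requiring both the destination and the time window to agree is what keeps a generic port-80 report from matching unrelated traffic by chance.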