I'm working on launching a site which currently is still linked to only an IP and thanks to how digitalocean recommends setting it up and how I built it I feel it's relatively safe provided that the security I implemented on ubuntu as recommended and Django's inbuilt security avoiding file browsing outside set path's and accessing info is maintained.
Still though getting this emails thanks to error handling shows someone is trying to access my sock file and I think it's only right this is pointed out to know if there's a known vulnerability. Invalid HTTP_HOST header: '/home/sammy/webapp/decomagna/deco.sock:'. The domain name provided is not valid according to RFC 1034/1035. Report at / Invalid HTTP_HOST header: '/home/sammy/webapp/decomagna/deco.sock:'. The domain name provided is not valid according to RFC 1034/1035. Request Method: GET Request URL: http:///home/sammy/webapp/decomagna/deco.sock:/ Django Version: 2.0 Python Executable: /home/sammy/webapp/envs/deco/bin/python3 Python Version: 3.5.2 Python Path: ['/home/sammy/webapp/decomagna', '/home/sammy/webapp/envs/deco/bin', '/home/sammy/webapp/envs/deco/lib/python35.zip', '/home/sammy/webapp/envs/deco/lib/python3.5', '/home/sammy/webapp/envs/deco/lib/python3.5/plat-x86_64-linux-gnu', '/home/sammy/webapp/envs/deco/lib/python3.5/lib-dynload', '/usr/lib/python3.5', '/usr/lib/python3.5/plat-x86_64-linux-gnu', '/home/sammy/webapp/envs/deco/lib/python3.5/site-packages'] Server time: Thu, 31 Jan 2019 21:16:48 +0000 Installed Applications: ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'location_field.apps.DefaultConfig', 'mptt', 'ckeditor', 'ckeditor_uploader', 'inventory', 'common', 'pages'] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware'] Request information: USER: [unable to retrieve the current user] GET: No GET data POST: No POST data FILES: No FILES data COOKIES: No cookie data META: HTTP_ACCEPT = '*/*' HTTP_CONNECTION = 'close' HTTP_USER_AGENT = 'Mozilla/5.0(WindowsNT6.1;rv:31.0)Gecko/20100101Firefox/31.0' HTTP_X_FORWARDED_FOR = '196.52.43.114' HTTP_X_FORWARDED_PROTO = 'http' HTTP_X_REAL_IP = '196.52.43.114' PATH_INFO = '/' QUERY_STRING = '' RAW_URI = '/' REMOTE_ADDR = '' REQUEST_METHOD = 'GET' SCRIPT_NAME = '' SERVER_NAME = '/home/sammy/webapp/decomagna/deco.sock' SERVER_PORT = '' SERVER_PROTOCOL = 'HTTP/1.0' SERVER_SOFTWARE = 'gunicorn/19.9.0' gunicorn.socket = <socket.socket fd=10, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/sammy/webapp/decomagna/deco.sock> wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7fa284bcea90> wsgi.file_wrapper = '' wsgi.input = <gunicorn.http.body.Body object at 0x7fa284bdbe10> wsgi.multiprocess = True wsgi.multithread = False wsgi.run_once = False wsgi.url_scheme = 'http' wsgi.version = '(1, 0)' Settings: Using settings module decomagna.settings ABSOLUTE_URL_OVERRIDES = {} ADMINS = [('Samuel Muiruri', 'muiruri.sam...@gmail.com')] ALLOWED_HOSTS = ['68.183.98.238'] APPEND_SLASH = True AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend'] AUTH_PASSWORD_VALIDATORS = '********************' AUTH_USER_MODEL = 'auth.User' BASE_DIR = '/home/sammy/webapp/decomagna' CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} CACHE_MIDDLEWARE_ALIAS = 'default' CACHE_MIDDLEWARE_KEY_PREFIX = '********************' CACHE_MIDDLEWARE_SECONDS = 600 CKEDITOR_BASEPATH = '/static/ckeditor/ckeditor/' CKEDITOR_CONFIGS = {'default': {'toolbar': None, 'allowedContent': True}, 'disableNativeSpellChecker': False, 'basic_ckeditor': {'toolbar': 'Basic'}} CKEDITOR_UPLOAD_PATH = 'ckeditor/' CONTACT_ADMINS = [] CSRF_COOKIE_AGE = 31449600 CSRF_COOKIE_DOMAIN = None CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_PATH = '/' CSRF_COOKIE_SECURE = False CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' CSRF_TRUSTED_ORIGINS = [] CSRF_USE_SESSIONS = False DATABASES = ... DATABASE_ROUTERS = [] DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440 DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000 DATETIME_FORMAT = 'N j, Y, P' DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y'] DATE_FORMAT = 'N j, Y' DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y'] DEBUG = False DEBUG_PROPAGATE_EXCEPTIONS = False DECIMAL_SEPARATOR = '.' DEFAULT_CHARSET = 'utf-8' DEFAULT_CONTENT_TYPE = 'text/html' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FROM_EMAIL = 'webmaster@localhost' DEFAULT_INDEX_TABLESPACE = '' DEFAULT_TABLESPACE = '' DISALLOWED_USER_AGENTS = [] EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'smtp.gmail.com' EMAIL_HOST_PASSWORD = '********************' EMAIL_HOST_USER = 'no-re...@decomagna.com' EMAIL_PORT = 587 EMAIL_SSL_CERTFILE = None EMAIL_SSL_KEYFILE = '********************' EMAIL_SUBJECT_PREFIX = '[Django] ' EMAIL_TIMEOUT = None EMAIL_USE_LOCALTIME = False EMAIL_USE_SSL = False EMAIL_USE_TLS = True FILE_CHARSET = 'utf-8' FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler'] FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 FILE_UPLOAD_PERMISSIONS = None FILE_UPLOAD_TEMP_DIR = None FIRST_DAY_OF_WEEK = 0 FIXTURE_DIRS = [] FORCE_SCRIPT_NAME = None FORMAT_MODULE_PATH = None FORM_RENDERER = 'django.forms.renderers.DjangoTemplates' GOOGLE_MAPS_API_KEY = '********************' IGNORABLE_404_URLS = [] INSTALLED_APPS = ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'location_field.apps.DefaultConfig', 'mptt', 'ckeditor', 'ckeditor_uploader', 'inventory', 'common', 'pages'] INTERNAL_IPS = [] LANGUAGES = ... LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur'] LANGUAGE_CODE = 'en-us' LANGUAGE_COOKIE_AGE = None LANGUAGE_COOKIE_DOMAIN = None LANGUAGE_COOKIE_NAME = 'django_language' LANGUAGE_COOKIE_PATH = '/' LOCALE_PATHS = [] LOCATION_FIELD = {'provider.google.map_type': 'ROADMAP', 'provider.mapbox.id': 'mapbox.streets', 'resources.media': {'js': ['/static/location_field/js/jquery.livequery.js', '/static/location_field/js/form.js']}, 'map.provider': 'google', 'provider.mapbox.access_token': '********************', 'provider.mapbox.max_zoom': 18, 'search.suffix': '', 'search.provider': 'google', 'map.zoom': 13, 'provider.google.api': '********************', 'resources.root_path': '/static/location_field', 'provider.google.api_key': '********************', 'provider.openstreetmap.max_zoom': 18} LOGGING = {} LOGGING_CONFIG = 'logging.config.dictConfig' LOGIN_REDIRECT_URL = '/accounts/profile/' LOGIN_URL = '/sign-up' LOGOUT_REDIRECT_URL = None MANAGERS = [] MEDIA_ROOT = '/home/sammy/webapp/decomagna/media' MEDIA_URL = '/media/' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MIDDLEWARE = ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware'] MIGRATION_MODULES = {} MONTH_DAY_FORMAT = 'F j' NUMBER_GROUPING = 0 PASSWORD_HASHERS = '********************' PASSWORD_RESET_TIMEOUT_DAYS = '********************' PREPEND_WWW = False ROOT_URLCONF = 'decomagna.urls' SECRET_KEY = '********************' SECURE_BROWSER_XSS_FILTER = False SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False SECURE_HSTS_SECONDS = 0 SECURE_PROXY_SSL_HEADER = None SECURE_REDIRECT_EXEMPT = [] SECURE_SSL_HOST = None SECURE_SSL_REDIRECT = False SERVER_EMAIL = 'no-re...@decomagna.com' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 1209600 SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_PATH = '/' SESSION_COOKIE_SECURE = False SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_FILE_PATH = None SESSION_SAVE_EVERY_REQUEST = False SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer' SETTINGS_MODULE = 'decomagna.settings' SHORT_DATETIME_FORMAT = 'm/d/Y P' SHORT_DATE_FORMAT = 'm/d/Y' SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SILENCED_SYSTEM_CHECKS = [] SITE_NAME = 'DecoMagna' STATICFILES_DIRS = "('/home/sammy/webapp/decomagna/static',)" STATICFILES_FINDERS = ['django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder'] STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATIC_ROOT = None STATIC_URL = '/static/' TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'APP_DIRS': True, 'DIRS': ['/home/sammy/webapp/decomagna/templates'], 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'pages.context_processors.pages']}}] TEST_NON_SERIALIZED_APPS = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' THOUSAND_SEPARATOR = ',' TIME_FORMAT = 'P' TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M'] TIME_ZONE = 'UTC' UPLOADCARE = {'pub_key': '********************', 'secret': '********************'} UPLOAD_DIR = '/home/sammy/webapp/decomagna/media/uploads' USE_ETAGS = False USE_I18N = True USE_L10N = True USE_THOUSAND_SEPARATOR = False USE_TZ = True USE_X_FORWARDED_HOST = False USE_X_FORWARDED_PORT = False WSGI_APPLICATION = 'decomagna.wsgi.application' X_FRAME_OPTIONS = 'SAMEORIGIN' YEAR_MONTH_FORMAT = 'F Y' -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8d14d16c-4dce-4ddf-9e6f-7396ef8cf997%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.