Re: OT: getting strange attempted gets

2010-11-16 Thread Steve Holden
On 11/16/2010 10:52 AM, Scot Hacker wrote:
> On Nov 15, 8:45 pm, Steve Holden  wrote:
>>
>> Perhaps he did, but that's no reason to believe him until we know that
>> his assessment of the situation  is likely to be realistic. Don't forget
>> that a lot of people who post here aren't particularly experienced and
>> so may not appreciate exactly what's going on.
> 
> I dunno. When you sit there watching runserver registering hits on
> bizarre URLs and you know you're not the one clicking through the test
> site, it's pretty obvious that something else is going on.
> 
But until we've seen the URLs we have no idea whether they really are
unrelated, do we?

regards
 Steve
-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.



Re: OT: getting strange attempted gets

2010-11-16 Thread Scot Hacker
On Nov 15, 8:45 pm, Steve Holden  wrote:
>
> Perhaps he did, but that's no reason to believe him until we know that
> his assessment of the situation  is likely to be realistic. Don't forget
> that a lot of people who post here aren't particularly experienced and
> so may not appreciate exactly what's going on.

I dunno. When you sit there watching runserver registering hits on
bizarre URLs and you know you're not the one clicking through the test
site, it's pretty obvious that something else is going on.

./s




Re: OT: getting strange attempted gets

2010-11-15 Thread Steve Holden
On 11/15/2010 12:03 PM, Scot Hacker wrote:
> On Nov 14, 11:25 am, Federico Capoano 
> wrote:
>> > No one is attacking your server, that's just the django server telling
>> > you what's going on in your app (when you perform any action the
>> > server logs it).
> Right, but he said he's seeing requests that *can't* be explained by
> his own requests.
[...]

Perhaps he did, but that's no reason to believe him until we know that
his assessment of the situation  is likely to be realistic. Don't forget
that a lot of people who post here aren't particularly experienced and
so may not appreciate exactly what's going on.

regards
 Steve
-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/




Re: OT: getting strange attempted gets

2010-11-15 Thread Scot Hacker
On Nov 14, 11:25 am, Federico Capoano 
wrote:
> No one is attacking your server, that's just the django server telling
> you what's going on in your app (when you perform any action the
> server logs it).

Right, but he said he's seeing requests that *can't* be explained by
his own requests.

I see this too when running runserver on the static IP of my dev box
rather than on localhost. In my case, it's almost always requests from
the university network security probes. It's actually satisfying to
sit there watching requests for all kinds of known XSS attempts,
security issues specific to common CMSs, etc., and see them all fail
against Django.

If you don't have security scanning happening on your network, it
could be requests from crackers running port scanners or similar.
Again, the solution is to run runserver on 127.0.0.1, not on a public IP.

./s
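
One way to sort the kind of entries John describes (a GET for a URL that is not yours, a connection attempt to a foreign address), as an added example that is not part of any post in this thread. It classifies each logged request line by the form of its request target, treating absolute-URL GETs and CONNECT as proxy-style requests that a site's own pages would not generate; the log layout, the reading of "CONNECTION" as the CONNECT method, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Quoted request line plus status, as in a runserver-style entry (assumed layout):
#   [14/Nov/2010 16:50:01] "GET /polls/ HTTP/1.1" 200 1532
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def classify(line):
    """Return (kind, method, target, status), or None for non-request lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        # authority-form target (host:port): a request to tunnel elsewhere
        kind = "proxy-connect"
    elif urlsplit(target).scheme in ("http", "https"):
        # absolute-form target: a request to fetch some other site through us
        kind = "proxy-absolute"
    elif target.startswith("/"):
        # origin-form target: an ordinary request for a path on this server
        kind = "origin"
    else:
        kind = "other"
    return kind, method, target, status

def suspicious(lines):
    """Keep only the requests whose target is not a plain local path."""
    return [c for c in map(classify, lines) if c and c[0] != "origin"]

# Constructed sample log; hosts and addresses are documentation placeholders.
SAMPLE_LOG = [
    "Validating models...",
    '[14/Nov/2010 16:50:01] "GET /polls/ HTTP/1.1" 200 1532',
    '[14/Nov/2010 16:50:09] "GET http://example.com/ HTTP/1.1" 404 1987',
    '[14/Nov/2010 16:51:30] "CONNECT 192.0.2.10:443 HTTP/1.0" 404 1979',
]

if __name__ == "__main__":
    for kind, method, target, status in suspicious(SAMPLE_LOG):
        print(f"{kind:15} {method:8} {target} -> {status}")
```

Entries flagged this way only appear when the server is reachable from other hosts, which is the case the posts above address by binding runserver to 127.0.0.1.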




Re: OT: getting strange attempted gets

2010-11-14 Thread Federico Capoano
No one is attacking your server, that's just the django server telling
you what's going on in your app (when you perform any action the
server logs it).

On Nov 14, 4:50 pm, John Fabiani  wrote:
> Hi,
> I'm a newbie to not only django but web programming in general.
>
> I have noticed that when I run my "python manage.py runserver" command I see
> strange entries that have nothing to do with my programming efforts.
>
> GET some URL  (not mine)  returns 404
> or
> CONNECTION some IP address (not on my network)   returns 404
>
> Do the above types of entries reveal someone is attacking my server?
>
> Johnf




Re: OT: getting strange attempted gets

2010-11-14 Thread Shawn Milochik
On Sun, Nov 14, 2010 at 1:23 PM, John Fabiani  wrote:
> On Sunday, November 14, 2010 09:19:01 am Shawn Milochik wrote:
>> It's definitely possible. I've seen that myself before.
>>
>> Shawn
>
> While in this runserver mode is my database password exposed?
>
> Johnf


I don't think there's any way they can get that. However, the
development server is not tested for security and not meant to be used
in any situation which requires any security. It wouldn't hurt to
change your database password.

What command were you running to execute the development server? By
default it only serves your app on port 8000, and to localhost only.
You'd have to explicitly serve it on a publicly-accessible port and
allow access to clients other than 127.0.0.1. Is your development
server publicly accessible? Most people do their development on a
machine behind a NAT router, which should be pretty safe unless you're
explicitly forwarding ports to your personal computer.

Shawn




Re: OT: getting strange attempted gets

2010-11-14 Thread John Fabiani
On Sunday, November 14, 2010 09:19:01 am Shawn Milochik wrote:
> It's definitely possible. I've seen that myself before.
> 
> Shawn

While in this runserver mode is my database password exposed?

Johnf




Re: OT: getting strange attempted gets

2010-11-14 Thread Shawn Milochik
It's definitely possible. I've seen that myself before. 

Shawn
