I agree with Anthony's comments here. Nothing of what is shown is web2py 
related. This appears to be a php exploit.

Massimo

P.S. I stand by Niphlod. He did not say anything offending and his comment 
was insightful. We do not recommend apache+mod_wsgi because there are 
better ways (nginx+uwsgi). Although this has nothing to do with the php 
exploit above.

On Friday, 26 February 2016 06:46:36 UTC-6, Anthony wrote:
>
> On Friday, February 26, 2016 at 4:57:47 AM UTC-5, Robin Manoli wrote:
>>
>>
>> *About the exploit*
>>
>> There is an exploit is was happening. I thought they 
>> were related to a web2py app on Apache, but I'm sure any more. What is 
>> happening is that another web server keeps getting this type of requests 
>> from a server I'm working on. This keeps happening although the ports 80 
>> and 443 (and almost all other ports) for outbound traffic of the servers 
>> are closed. ModProxy is disabled.
>>
>> server.ip - - [  -0500] "GET /index.php?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 7792 "-" "Mozilla/4.76 [en] (Win98; U)"
>>
>
> So, is the above log entry from the *other* server (i.e., not the one you 
> control)? I presume the "server.ip" value is the IP address of your server, 
> hence the belief that this request is coming from your server, correct? If 
> so, how did you get this log entry? Did the owner of the server contact you 
> and provide it? Did they request any information from you? Can you trust 
> that this is real (as opposed to a social engineering attempt)?
>  
>
>> I did find some suspicious apache logs which made me think it was related 
>> to a web2py app:
>> 213.152.162.134 - - [23/Feb/2016:22:32:19 +0100] "GET http://stream-full.selfip.com:8000/get.php?username=anonyme1520091ef3&password=anonyme1520091ef3&type=m3u&output=mpegts&1=anonyme1520091ef3 HTTP/1.0" 400 804 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
>> 185.25.148.240 - - [24/Feb/2016:14:38:31 +0100] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 404 267 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
>> 213.152.162.134 - - [24/Feb/2016:19:44:56 +0100] "GET http://stream-full.selfip.com:8000/get.php?username=whatisashelly&password=whatisashelly&type=m3u&output=mpegts&1=whatisashelly HTTP/1.0" 500 1091 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
>>
>>
> I don't see how any of these requests would be related to web2py/WSGI (as 
> they are not for internal URLs that would be served by web2py), nor how 
> they would be related to the alleged external request to the other server 
> (which is not at any of these URLs). Looks like someone was just trying 
> (and failing) to proxy requests through your server.
>
>> I did not wish to say that web2py has any specific issues, but rather to 
>> learn about potential and perhaps common mistakes people do when creating 
>> web2py or wsgi apps.
>>
>
> With regard to "proxy abuse" specifically, WSGI and web2py play no role -- 
> this is simply an issue of the web server (and it seems not to be a problem 
> in your case).
>  
>
>>
>> *About why I use apache*
>>
>> You are right of course Niphlod. The full story 
>> is just that I had a working setup with Apache without any issues, so I was 
>> focusing on app development and not choosing web servers. It worked very 
>> well so far in the context, and it's not really important to discuss this 
>> any further. I have my reasons for why things are like they are, and of 
>> course I can move to nginx.
>>
>
> If you can, it might not be a bad idea to switch to Nginx, but at the 
> moment, it's not clear that Apache is really causing any problems here.
>
> Anthony
>
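
An added example, not part of the thread: a Python sketch of the triage applied to the quoted access-log entries, separating forward-proxy attempts (absolute-URI or CONNECT requests) from file-inclusion probes such as the /proc/self/environ request, and flagging any that were served rather than refused. The sample lines, IPs and hostnames are constructed, and `classify` and `own_hosts` are hypothetical names.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]*)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines modeled on the entries quoted in the thread.
SAMPLE = [
    '198.51.100.7 - - [24/Feb/2016:14:38:31 +0100] "GET http://proxy-check.example/testproxy.php HTTP/1.1" 404 267 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Feb/2016:04:00:00 -0500] "GET /index.php?page=../../../../proc/self/environ%00 HTTP/1.1" 200 7792 "-" "Mozilla/4.76 [en] (Win98; U)"',
    '198.51.100.7 - - [24/Feb/2016:15:00:00 +0100] "GET /welcome/default/index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def classify(line, own_hosts=()):
    """Return (tags, status) for one access-log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target, status = m["target"], int(m["status"])
    tags = []
    # Forward-proxy attempt: CONNECT, or an absolute URI for a host we do not serve.
    if m["method"] == "CONNECT":
        tags.append("proxy-attempt")
    elif re.match(r"(?i)https?://", target):
        host = (urlsplit(target).hostname or "").lower()
        if host not in own_hosts:
            tags.append("proxy-attempt")
    # File-inclusion probe: traversal, NUL byte or /proc/self in the decoded target.
    decoded = unquote(unquote(target))  # decode twice to catch double encoding
    if "../" in decoded or "\x00" in decoded or "/proc/self/" in decoded:
        tags.append("file-inclusion-probe")
    # A 2xx/3xx reply means the request was served, not refused: review these first.
    if tags and status < 400:
        tags.append("served")
    return tags, status

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), entry.split('"')[1])
```

A proxy attempt answered with 4xx/5xx, as in the quoted Apache entries, was refused by the web server; the "served" tag marks the entries worth checking against the application behind the URL.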
