Possible hack attempt


Samuel Muiruri

Feb 1, 2019, 6:35:52 AM
to Django users
I'm working on launching a site which currently is still linked to only an IP, and thanks to how DigitalOcean recommends setting it up and how I built it, I feel it's relatively safe, provided that the security I implemented on Ubuntu as recommended and Django's inbuilt security (avoiding file browsing outside set paths and accessing info) is maintained.

Still, though, getting these emails thanks to error handling shows someone is trying to access my sock file, and I think it's only right this is pointed out, to know if there's a known vulnerability.

Invalid HTTP_HOST header: '/home/sammy/webapp/decomagna/deco.sock:'. The domain name provided is not valid according to RFC 1034/1035.

Report at /
Invalid HTTP_HOST header: '/home/sammy/webapp/decomagna/deco.sock:'. The domain name provided is not valid according to RFC 1034/1035.

Request Method: GET
Request URL: http:///home/sammy/webapp/decomagna/deco.sock:/
Django Version: 2.0
Python Executable: /home/sammy/webapp/envs/deco/bin/python3
Python Version: 3.5.2
Python Path: ['/home/sammy/webapp/decomagna', '/home/sammy/webapp/envs/deco/bin', '/home/sammy/webapp/envs/deco/lib/python35.zip', '/home/sammy/webapp/envs/deco/lib/python3.5', '/home/sammy/webapp/envs/deco/lib/python3.5/plat-x86_64-linux-gnu', '/home/sammy/webapp/envs/deco/lib/python3.5/lib-dynload', '/usr/lib/python3.5', '/usr/lib/python3.5/plat-x86_64-linux-gnu', '/home/sammy/webapp/envs/deco/lib/python3.5/site-packages']
Server time: Thu, 31 Jan 2019 21:16:48 +0000
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'location_field.apps.DefaultConfig',
'mptt',
'ckeditor',
'ckeditor_uploader',
'inventory',
'common',
'pages']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']

Request information:
USER: [unable to retrieve the current user]

GET: No GET data

POST: No POST data

FILES: No FILES data

COOKIES: No cookie data

META:
HTTP_ACCEPT = '*/*'
HTTP_CONNECTION = 'close'
HTTP_USER_AGENT = 'Mozilla/5.0(WindowsNT6.1;rv:31.0)Gecko/20100101Firefox/31.0'
HTTP_X_FORWARDED_FOR = '196.52.43.114'
HTTP_X_FORWARDED_PROTO = 'http'
HTTP_X_REAL_IP = '196.52.43.114'
PATH_INFO = '/'
QUERY_STRING = ''
RAW_URI = '/'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '/home/sammy/webapp/decomagna/deco.sock'
SERVER_PORT = ''
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/19.9.0'
gunicorn.socket = <socket.socket fd=10, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/sammy/webapp/decomagna/deco.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7fa284bcea90>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7fa284bdbe10>
wsgi.multiprocess = True
wsgi.multithread = False
wsgi.run_once = False
wsgi.url_scheme = 'http'
wsgi.version = '(1, 0)'

Settings:
Using settings module decomagna.settings
ABSOLUTE_URL_OVERRIDES = {}
ADMINS = [('Samuel Muiruri', 'muiruri...@gmail.com')]
ALLOWED_HOSTS = ['68.183.98.238']
APPEND_SLASH = True
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
AUTH_PASSWORD_VALIDATORS = '********************'
AUTH_USER_MODEL = 'auth.User'
BASE_DIR = '/home/sammy/webapp/decomagna'
CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
CACHE_MIDDLEWARE_ALIAS = 'default'
CACHE_MIDDLEWARE_KEY_PREFIX = '********************'
CACHE_MIDDLEWARE_SECONDS = 600
CKEDITOR_BASEPATH = '/static/ckeditor/ckeditor/'
CKEDITOR_CONFIGS = {'default': {'toolbar': None, 'allowedContent': True}, 'disableNativeSpellChecker': False, 'basic_ckeditor': {'toolbar': 'Basic'}}
CKEDITOR_UPLOAD_PATH = 'ckeditor/'
CONTACT_ADMINS = []
CSRF_COOKIE_AGE = 31449600
CSRF_COOKIE_DOMAIN = None
CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_PATH = '/'
CSRF_COOKIE_SECURE = False
CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
CSRF_TRUSTED_ORIGINS = []
CSRF_USE_SESSIONS = False
DATABASES = ...
DATABASE_ROUTERS = []
DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440
DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000
DATETIME_FORMAT = 'N j, Y, P'
DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y']
DATE_FORMAT = 'N j, Y'
DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y']
DEBUG = False
DEBUG_PROPAGATE_EXCEPTIONS = False
DECIMAL_SEPARATOR = '.'
DEFAULT_CHARSET = 'utf-8'
DEFAULT_CONTENT_TYPE = 'text/html'
DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter'
DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
DEFAULT_FROM_EMAIL = 'webmaster@localhost'
DEFAULT_INDEX_TABLESPACE = ''
DEFAULT_TABLESPACE = ''
DISALLOWED_USER_AGENTS = []
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_PASSWORD = '********************'
EMAIL_HOST_USER = 'no-r...@decomagna.com'
EMAIL_PORT = 587
EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = '********************'
EMAIL_SUBJECT_PREFIX = '[Django] '
EMAIL_TIMEOUT = None
EMAIL_USE_LOCALTIME = False
EMAIL_USE_SSL = False
EMAIL_USE_TLS = True
FILE_CHARSET = 'utf-8'
FILE_UPLOAD_DIRECTORY_PERMISSIONS = None
FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler']
FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440
FILE_UPLOAD_PERMISSIONS = None
FILE_UPLOAD_TEMP_DIR = None
FIRST_DAY_OF_WEEK = 0
FIXTURE_DIRS = []
FORCE_SCRIPT_NAME = None
FORMAT_MODULE_PATH = None
FORM_RENDERER = 'django.forms.renderers.DjangoTemplates'
GOOGLE_MAPS_API_KEY = '********************'
IGNORABLE_404_URLS = []
INSTALLED_APPS = ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'location_field.apps.DefaultConfig', 'mptt', 'ckeditor', 'ckeditor_uploader', 'inventory', 'common', 'pages']
INTERNAL_IPS = []
LANGUAGES = ...
LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur']
LANGUAGE_CODE = 'en-us'
LANGUAGE_COOKIE_AGE = None
LANGUAGE_COOKIE_DOMAIN = None
LANGUAGE_COOKIE_NAME = 'django_language'
LANGUAGE_COOKIE_PATH = '/'
LOCALE_PATHS = []
LOCATION_FIELD = {'provider.google.map_type': 'ROADMAP', 'provider.mapbox.id': 'mapbox.streets', 'resources.media': {'js': ['/static/location_field/js/jquery.livequery.js', '/static/location_field/js/form.js']}, 'map.provider': 'google', 'provider.mapbox.access_token': '********************', 'provider.mapbox.max_zoom': 18, 'search.suffix': '', 'search.provider': 'google', 'map.zoom': 13, 'provider.google.api': '********************', 'resources.root_path': '/static/location_field', 'provider.google.api_key': '********************', 'provider.openstreetmap.max_zoom': 18}
LOGGING = {}
LOGGING_CONFIG = 'logging.config.dictConfig'
LOGIN_REDIRECT_URL = '/accounts/profile/'
LOGIN_URL = '/sign-up'
LOGOUT_REDIRECT_URL = None
MANAGERS = []
MEDIA_ROOT = '/home/sammy/webapp/decomagna/media'
MEDIA_URL = '/media/'
MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage'
MIDDLEWARE = ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware']
MIGRATION_MODULES = {}
MONTH_DAY_FORMAT = 'F j'
NUMBER_GROUPING = 0
PASSWORD_HASHERS = '********************'
PASSWORD_RESET_TIMEOUT_DAYS = '********************'
PREPEND_WWW = False
ROOT_URLCONF = 'decomagna.urls'
SECRET_KEY = '********************'
SECURE_BROWSER_XSS_FILTER = False
SECURE_CONTENT_TYPE_NOSNIFF = False
SECURE_HSTS_INCLUDE_SUBDOMAINS = False
SECURE_HSTS_PRELOAD = False
SECURE_HSTS_SECONDS = 0
SECURE_PROXY_SSL_HEADER = None
SECURE_REDIRECT_EXEMPT = []
SECURE_SSL_HOST = None
SECURE_SSL_REDIRECT = False
SERVER_EMAIL = 'no-r...@decomagna.com'
SESSION_CACHE_ALIAS = 'default'
SESSION_COOKIE_AGE = 1209600
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_PATH = '/'
SESSION_COOKIE_SECURE = False
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_FILE_PATH = None
SESSION_SAVE_EVERY_REQUEST = False
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
SETTINGS_MODULE = 'decomagna.settings'
SHORT_DATETIME_FORMAT = 'm/d/Y P'
SHORT_DATE_FORMAT = 'm/d/Y'
SIGNING_BACKEND = 'django.core.signing.TimestampSigner'
SILENCED_SYSTEM_CHECKS = []
SITE_NAME = 'DecoMagna'
STATICFILES_DIRS = "('/home/sammy/webapp/decomagna/static',)"
STATICFILES_FINDERS = ['django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder']
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
STATIC_ROOT = None
STATIC_URL = '/static/'
TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'APP_DIRS': True, 'DIRS': ['/home/sammy/webapp/decomagna/templates'], 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'pages.context_processors.pages']}}]
TEST_NON_SERIALIZED_APPS = []
TEST_RUNNER = 'django.test.runner.DiscoverRunner'
THOUSAND_SEPARATOR = ','
TIME_FORMAT = 'P'
TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']
TIME_ZONE = 'UTC'
UPLOADCARE = {'pub_key': '********************', 'secret': '********************'}
UPLOAD_DIR = '/home/sammy/webapp/decomagna/media/uploads'
USE_ETAGS = False
USE_I18N = True
USE_L10N = True
USE_THOUSAND_SEPARATOR = False
USE_TZ = True
USE_X_FORWARDED_HOST = False
USE_X_FORWARDED_PORT = False
WSGI_APPLICATION = 'decomagna.wsgi.application'
X_FRAME_OPTIONS = 'SAMEORIGIN'
YEAR_MONTH_FORMAT = 'F Y'
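
Added example (not code from the thread or from Django itself): a Python re-implementation of the HttpRequest.get_host() / ALLOWED_HOSTS check that produces the "RFC 1034/1035" message quoted above, run over constructed META dicts. It assumes Django 2.x semantics and USE_X_FORWARDED_HOST = False as in the settings dump; the no-host-header sample shows how a request that reaches gunicorn without any Host header (the META above has no HTTP_HOST key) ends up with the Unix socket path as its host.

```python
import re

# Same shape as Django 2.x's host_validation_re: DNS name / IPv4 / bracketed IPv6,
# with an optional :port. A Unix socket path contains '/' and can never match.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9\.:]+\])(:\d+)?$")

def split_domain_port(host):
    """Return (domain, port); ('', '') when host is not RFC 1034/1035-shaped."""
    host = host.lower()
    if not HOST_RE.match(host):
        return "", ""
    if host.endswith("]"):  # bare bracketed IPv6 literal, no port
        return host, ""
    bits = host.rsplit(":", 1)
    domain, port = bits if len(bits) == 2 else (bits[0], "")
    return domain.rstrip("."), port

def validate_host(domain, allowed_hosts):
    """ALLOWED_HOSTS semantics: '*' matches anything, '.example.com' matches subdomains."""
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == domain:
            return True
        if pattern.startswith(".") and (domain.endswith(pattern) or domain == pattern[1:]):
            return True
    return False

def check_host(meta, allowed_hosts, secure=False):
    """Mimic HttpRequest.get_host() with USE_X_FORWARDED_HOST=False.
    Returns 'ok', 'not-allowed' (well-formed name missing from ALLOWED_HOSTS) or 'malformed'."""
    if "HTTP_HOST" in meta:
        host = meta["HTTP_HOST"]
    else:
        # No Host header at all (HTTP/1.0 clients, scanners): Django falls back to
        # SERVER_NAME:SERVER_PORT, which gunicorn fills from its bind address, so a
        # Unix-socket bind yields '/path/to/app.sock:' (the trailing ':' is the empty port).
        host = meta["SERVER_NAME"]
        port = meta.get("SERVER_PORT", "")
        if port != ("443" if secure else "80"):
            host = "%s:%s" % (host, port)
    domain, _ = split_domain_port(host)
    if not domain:
        return "malformed"   # Django: "...not valid according to RFC 1034/1035."
    return "ok" if validate_host(domain, allowed_hosts) else "not-allowed"

ALLOWED_HOSTS = ["68.183.98.238"]  # the value in the thread's settings dump

# Constructed META dicts; the first mirrors the report above (no HTTP_HOST key).
SAMPLES = {
    "no-host-header": {"SERVER_NAME": "/home/sammy/webapp/decomagna/deco.sock", "SERVER_PORT": ""},
    "legit-ip": {"HTTP_HOST": "68.183.98.238:80"},
    "other-host": {"HTTP_HOST": "example.com"},
}
```

Running `check_host(meta, ALLOWED_HOSTS)` over SAMPLES gives malformed, ok and not-allowed respectively; the first case is the one in the email, and the ALLOWED_HOSTS check is what stops it.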

Jason

Feb 1, 2019, 7:32:05 AM
to Django users
This really isn't Django's responsibility to handle, but more at the level of your Apache or nginx webserver that routes to Django.

I really hope you're running this with DEBUG=False in your settings

Check https://www.fail2ban.org/wiki/index.php/Main_Page for some IP-based filtering you can use.

Samuel Muiruri

Feb 1, 2019, 8:04:36 AM
to django...@googlegroups.com
I got it handled; I just wanted to point out that I noticed something bizarre, for two reasons:
  1. Get devs on alert that this exists (I don't believe my system is compromised).
  2. Ensure the community might pick up on this if said hacker plans to target Django sites.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/73f90195-3858-429a-9545-4f5a41024239%40googlegroups.com.