dealing with spam coming from scanning, script kiddies
13 views
Skip to first unread message
f.holop
May 18, 2020, 4:29:05 PM5/18/20
to django...@googlegroups.com
hi,
i am fishing for some ideas how to prevent django from doing a "lot of
drama" when some script kiddy is hitting it with a scan or other types
of invalid requests like this:
Subject: ERROR (EXTERNAL IP): Internal Server Error: /
Internal Server Error: /
ValueError at /
A string literal cannot contain NUL (0x00) characters.
Request Method: GET
Request URL: https://somehost/?action=48&lang=../../../../../../../../../../etc/passwd%00.jpg&project=1
...
even with the admin emails turned off this logs a lot and that is not
cheap on a server that is already under a higher load from all this
nonsense.
obviously at some point some kind of rate limiting must be applied at a
lower layer, but even then these requests will keep coming spamming logs
and mails.
-f
--
i am fishing for some ideas how to prevent django from doing a "lot of
drama" when some script kiddy is hitting it with a scan or other types
of invalid requests like this:
Subject: ERROR (EXTERNAL IP): Internal Server Error: /
Internal Server Error: /
ValueError at /
A string literal cannot contain NUL (0x00) characters.
Request Method: GET
Request URL: https://somehost/?action=48&lang=../../../../../../../../../../etc/passwd%00.jpg&project=1
...
even with the admin emails turned off this logs a lot and that is not
cheap on a server that is already under a higher load from all this
nonsense.
obviously at some point some kind of rate limiting must be applied at a
lower layer, but even then these requests will keep coming spamming logs
and mails.
-f
--
Reply all
Reply to author
Forward
0 new messages