Hello!
I have old instance of Turbogears running my hobby site. I think it is version 2.0 or something around. For some time there appearing some error logs. It is seems that the source of them are automatic internet scans and hack attempts for common CMS. Few of them was quite trivial and I fixed them. But with these two I don't really know what to do.
I don't think that something really harmful is happening but that logs are just accumulating.
I appreciate any help to fix these errors. At least point me where to start.
Here are the two examples logs and related CGI Variables
===== first one =========
LOG:
URL:
https://example.com/webapp/Module weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module
repoze.tm:23 in __call__
Module repoze.who.middleware:65 in __call__
Module repoze.who.middleware:162 in identify
Module repoze.who.plugins.auth_tkt:51 in identify
Module paste.request:48 in get_cookies
Module Cookie:629 in load
>> self.__ParseString(rawdata)
Module Cookie:662 in __ParseString
>> self.__set(K, rval, cval)
Module Cookie:582 in __set
>> M.set(key, real_value, coded_value)
Module Cookie:457 in set
>> raise CookieError("Illegal key value: %s" % key)
CookieError: Illegal key value: ?>'|utmccn
CGI Variables:
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT '*/*'
HTTP_CONNECTION 'close'
HTTP_COOKIE "__utmz=264345247.1261843448.2.3.utmcsr=
mihrosofta.net'<?php print(238947899389478923-34567343546345); ?>'|utmccn=(referral)|utmcmd=referral|utmcct=/toster/mem'<?php print(238947899389478923-34567343546345); ?>'ories/63791/"
HTTP_DEVICE_STOCK_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_FORWARDED 'for="
46.112.183.23:6267"\'<?php print(238947899389478923-34567343546345); ?>\''
HTTP_HOST '
example.com'
HTTP_REFERER "
http://www.google.com/'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_REVERSE_VIA "rn'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_USER_AGENT "Mozilla/5.9'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_WAP_CONNECTION "Stack-Type=HTTP'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_CONTENT_OPT "Turbo/4.29.2638'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_EBO_UA "BID=1.3.0, BCReq=FC261D01B55BF9EED83025F313550A07'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_OPERAMINI_FEATURES "advanced, file-system, folding, routing'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE "? # ?'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_ROUTE "2'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_PIPER_ID "5691131607'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_POWERED_BY "
ASP.NET'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_REAL_IP '5.135.230.129'
HTTP_X_REQUESTED_WITH "com.android.browser'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UA_COMPATIBLE "IE=EmulateIE7'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UCBROWSER_UA "pf(Linux);la(zh-CN);re(AppleWebKit/534.31 (KHTML, like Gecko));dv(GT-I9001 Build/GINGERBREAD);pr(UCBrowser/9.2.0.308);ov(Android 2.3.6);pi(480*762);ss(480*762);up(U3/0.8.0);er(U);bt(GJ);pm(1);bv(1);nm(0);im(0);sr(0);nt(1);'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_VARNISH "ass'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_WAP_PROFILE "
http://gsm.lge.com/html/gsm/P940-M6-D2.xml'<?php print(238947899389478923-34567343546345); ?>'"
PATH_INFO '/'
PATH_TRANSLATED 'redirect:/webapp/'
REMOTE_ADDR '5.135.230.129'
REMOTE_PORT '26792'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/'
SCRIPT_FILENAME '/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
=========================
===== second one ========
LOG:
URL:
https://example.com/webapp/pages/indexModule weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module
repoze.tm:23 in __call__
Module repoze.who.middleware:107 in __call__
Module tw.core.middleware:43 in __call__
Module tw.core.middleware:68 in wsgi_app
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module tw.core.resource_injector:68 in _injector
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module beaker.middleware:73 in __call__
Module beaker.middleware:152 in __call__
Module routes.middleware:131 in __call__
Module pylons.wsgiapp:107 in __call__
Module pylons.wsgiapp:312 in dispatch
Module cafealpha.lib.base:32 in __call__
>> return TGController.__call__(self, environ, start_response)
Module pylons.controllers.core:211 in __call__
Module pylons.controllers.core:162 in _dispatch_call
Module pylons.controllers.core:105 in _inspect_call
Module tg.controllers.dispatcher:254 in _perform_call
Module tg.controllers.decoratedcontroller:133 in _call
Module tg.controllers.decoratedcontroller:237 in _render_response
Module tg.decorators:128 in lookup_template_engine
Module paste.util.mimeparse:108 in best_match
Module paste.util.mimeparse:52 in parse_media_range
Module paste.util.mimeparse:35 in parse_mime_type
ValueError: need more than 1 value to unpack
CGI Variables:
CONTEXT_DOCUMENT_ROOT '/home/username/www/site1/public_html'
DOCUMENT_ROOT '/home/username/www/site1/public_html'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT 'text/html,application/xhtml+xml,application/xml;q=0.9,*;q=0.8'
HTTP_ACCEPT_CHARSET 'windows-1251,utf-8;q=0.7,*;q=0.7'
HTTP_ACCEPT_ENCODING 'deflate'
HTTP_ACCEPT_LANGUAGE 'ru,en-us;q=0.7,en;q=0.3'
HTTP_CONNECTION 'close'
HTTP_HOST '
example.com'
HTTP_USER_AGENT 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_REAL_IP '37.143.15.220'
PATH_INFO '/pages/index'
PATH_TRANSLATED 'redirect:/webapp/pages/index/index'
REMOTE_ADDR '37.143.15.220'
REMOTE_PORT '63698'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/pages/index'
SCRIPT_FILENAME '/home/username/www/site1/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
==================
_____________________
Mikhail.