Need help to fix some errors found in logs
42 views
Skip to first unread message
Mikhail
Jan 20, 2019, 2:28:03 PM1/20/19
to TurboGears
Hello!
I have old instance of Turbogears running my hobby site. I think it is version 2.0 or something around. For some time there appearing some error logs. It is seems that the source of them are automatic internet scans and hack attempts for common CMS. Few of them was quite trivial and I fixed them. But with these two I don't really know what to do.
I don't think that something really harmful is happening but that logs are just accumulating.
I appreciate any help to fix these errors. At least point me where to start.
Here are the two examples logs and related CGI Variables
===== first one =========
LOG:
URL: https://example.com/webapp/
Module weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module repoze.tm:23 in __call__
Module repoze.who.middleware:65 in __call__
Module repoze.who.middleware:162 in identify
Module repoze.who.plugins.auth_tkt:51 in identify
Module paste.request:48 in get_cookies
Module Cookie:629 in load
>> self.__ParseString(rawdata)
Module Cookie:662 in __ParseString
>> self.__set(K, rval, cval)
Module Cookie:582 in __set
>> M.set(key, real_value, coded_value)
Module Cookie:457 in set
>> raise CookieError("Illegal key value: %s" % key)
CookieError: Illegal key value: ?>'|utmccn
CGI Variables:
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT '*/*'
HTTP_CONNECTION 'close'
HTTP_COOKIE "__utmz=264345247.1261843448.2.3.utmcsr=mihrosofta.net'<?php print(238947899389478923-34567343546345); ?>'|utmccn=(referral)|utmcmd=referral|utmcct=/toster/mem'<?php print(238947899389478923-34567343546345); ?>'ories/63791/"
HTTP_DEVICE_STOCK_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_FORWARDED 'for="46.112.183.23:6267"\'<?php print(238947899389478923-34567343546345); ?>\''
HTTP_HOST 'example.com'
HTTP_REFERER "http://www.google.com/'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_REVERSE_VIA "rn'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_USER_AGENT "Mozilla/5.9'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_WAP_CONNECTION "Stack-Type=HTTP'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_CONTENT_OPT "Turbo/4.29.2638'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_EBO_UA "BID=1.3.0, BCReq=FC261D01B55BF9EED83025F313550A07'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_OPERAMINI_FEATURES "advanced, file-system, folding, routing'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE "? # ?'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_ROUTE "2'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_PIPER_ID "5691131607'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_POWERED_BY "ASP.NET'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_REAL_IP '5.135.230.129'
HTTP_X_REQUESTED_WITH "com.android.browser'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UA_COMPATIBLE "IE=EmulateIE7'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UCBROWSER_UA "pf(Linux);la(zh-CN);re(AppleWebKit/534.31 (KHTML, like Gecko));dv(GT-I9001 Build/GINGERBREAD);pr(UCBrowser/9.2.0.308);ov(Android 2.3.6);pi(480*762);ss(480*762);up(U3/0.8.0);er(U);bt(GJ);pm(1);bv(1);nm(0);im(0);sr(0);nt(1);'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_VARNISH "ass'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_WAP_PROFILE "http://gsm.lge.com/html/gsm/P940-M6-D2.xml'<?php print(238947899389478923-34567343546345); ?>'"
PATH_INFO '/'
PATH_TRANSLATED 'redirect:/webapp/'
REMOTE_ADDR '5.135.230.129'
REMOTE_PORT '26792'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/'
SCRIPT_FILENAME '/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
=========================
===== second one ========
LOG:
URL: https://example.com/webapp/pages/index
Module weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module repoze.tm:23 in __call__
Module repoze.who.middleware:107 in __call__
Module tw.core.middleware:43 in __call__
Module tw.core.middleware:68 in wsgi_app
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module tw.core.resource_injector:68 in _injector
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module beaker.middleware:73 in __call__
Module beaker.middleware:152 in __call__
Module routes.middleware:131 in __call__
Module pylons.wsgiapp:107 in __call__
Module pylons.wsgiapp:312 in dispatch
Module cafealpha.lib.base:32 in __call__
>> return TGController.__call__(self, environ, start_response)
Module pylons.controllers.core:211 in __call__
Module pylons.controllers.core:162 in _dispatch_call
Module pylons.controllers.core:105 in _inspect_call
Module tg.controllers.dispatcher:254 in _perform_call
Module tg.controllers.decoratedcontroller:133 in _call
Module tg.controllers.decoratedcontroller:237 in _render_response
Module tg.decorators:128 in lookup_template_engine
Module paste.util.mimeparse:108 in best_match
Module paste.util.mimeparse:52 in parse_media_range
Module paste.util.mimeparse:35 in parse_mime_type
ValueError: need more than 1 value to unpack
CGI Variables:
CONTEXT_DOCUMENT_ROOT '/home/username/www/site1/public_html'
DOCUMENT_ROOT '/home/username/www/site1/public_html'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT 'text/html,application/xhtml+xml,application/xml;q=0.9,*;q=0.8'
HTTP_ACCEPT_CHARSET 'windows-1251,utf-8;q=0.7,*;q=0.7'
HTTP_ACCEPT_ENCODING 'deflate'
HTTP_ACCEPT_LANGUAGE 'ru,en-us;q=0.7,en;q=0.3'
HTTP_CONNECTION 'close'
HTTP_HOST 'example.com'
HTTP_USER_AGENT 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_REAL_IP '37.143.15.220'
PATH_INFO '/pages/index'
PATH_TRANSLATED 'redirect:/webapp/pages/index/index'
REMOTE_ADDR '37.143.15.220'
REMOTE_PORT '63698'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/pages/index'
SCRIPT_FILENAME '/home/username/www/site1/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
==================
_____________________
Mikhail.
I have old instance of Turbogears running my hobby site. I think it is version 2.0 or something around. For some time there appearing some error logs. It is seems that the source of them are automatic internet scans and hack attempts for common CMS. Few of them was quite trivial and I fixed them. But with these two I don't really know what to do.
I don't think that something really harmful is happening but that logs are just accumulating.
I appreciate any help to fix these errors. At least point me where to start.
Here are the two examples logs and related CGI Variables
===== first one =========
LOG:
URL: https://example.com/webapp/
Module weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module repoze.tm:23 in __call__
Module repoze.who.middleware:65 in __call__
Module repoze.who.middleware:162 in identify
Module repoze.who.plugins.auth_tkt:51 in identify
Module paste.request:48 in get_cookies
Module Cookie:629 in load
>> self.__ParseString(rawdata)
Module Cookie:662 in __ParseString
>> self.__set(K, rval, cval)
Module Cookie:582 in __set
>> M.set(key, real_value, coded_value)
Module Cookie:457 in set
>> raise CookieError("Illegal key value: %s" % key)
CookieError: Illegal key value: ?>'|utmccn
CGI Variables:
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT '*/*'
HTTP_CONNECTION 'close'
HTTP_COOKIE "__utmz=264345247.1261843448.2.3.utmcsr=mihrosofta.net'<?php print(238947899389478923-34567343546345); ?>'|utmccn=(referral)|utmcmd=referral|utmcct=/toster/mem'<?php print(238947899389478923-34567343546345); ?>'ories/63791/"
HTTP_DEVICE_STOCK_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_FORWARDED 'for="46.112.183.23:6267"\'<?php print(238947899389478923-34567343546345); ?>\''
HTTP_HOST 'example.com'
HTTP_REFERER "http://www.google.com/'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_REVERSE_VIA "rn'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_USER_AGENT "Mozilla/5.9'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_WAP_CONNECTION "Stack-Type=HTTP'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_CONTENT_OPT "Turbo/4.29.2638'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_EBO_UA "BID=1.3.0, BCReq=FC261D01B55BF9EED83025F313550A07'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_OPERAMINI_FEATURES "advanced, file-system, folding, routing'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE "? # ?'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_PHONE_UA "SAMSUNG-GT-C5212i/C5212iXEKD1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_OPERAMINI_ROUTE "2'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_PIPER_ID "5691131607'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_POWERED_BY "ASP.NET'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_REAL_IP '5.135.230.129'
HTTP_X_REQUESTED_WITH "com.android.browser'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UA_COMPATIBLE "IE=EmulateIE7'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_UCBROWSER_UA "pf(Linux);la(zh-CN);re(AppleWebKit/534.31 (KHTML, like Gecko));dv(GT-I9001 Build/GINGERBREAD);pr(UCBrowser/9.2.0.308);ov(Android 2.3.6);pi(480*762);ss(480*762);up(U3/0.8.0);er(U);bt(GJ);pm(1);bv(1);nm(0);im(0);sr(0);nt(1);'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_VARNISH "ass'<?php print(238947899389478923-34567343546345); ?>'"
HTTP_X_WAP_PROFILE "http://gsm.lge.com/html/gsm/P940-M6-D2.xml'<?php print(238947899389478923-34567343546345); ?>'"
PATH_INFO '/'
PATH_TRANSLATED 'redirect:/webapp/'
REMOTE_ADDR '5.135.230.129'
REMOTE_PORT '26792'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/'
SCRIPT_FILENAME '/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
=========================
===== second one ========
LOG:
URL: https://example.com/webapp/pages/index
Module weberror.errormiddleware:162 in __call__
Module tg.configuration:796 in remover
Module repoze.tm:23 in __call__
Module repoze.who.middleware:107 in __call__
Module tw.core.middleware:43 in __call__
Module tw.core.middleware:68 in wsgi_app
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module tw.core.resource_injector:68 in _injector
Module webob.request:919 in get_response
Module webob.request:887 in call_application
Module beaker.middleware:73 in __call__
Module beaker.middleware:152 in __call__
Module routes.middleware:131 in __call__
Module pylons.wsgiapp:107 in __call__
Module pylons.wsgiapp:312 in dispatch
Module cafealpha.lib.base:32 in __call__
>> return TGController.__call__(self, environ, start_response)
Module pylons.controllers.core:211 in __call__
Module pylons.controllers.core:162 in _dispatch_call
Module pylons.controllers.core:105 in _inspect_call
Module tg.controllers.dispatcher:254 in _perform_call
Module tg.controllers.decoratedcontroller:133 in _call
Module tg.controllers.decoratedcontroller:237 in _render_response
Module tg.decorators:128 in lookup_template_engine
Module paste.util.mimeparse:108 in best_match
Module paste.util.mimeparse:52 in parse_media_range
Module paste.util.mimeparse:35 in parse_mime_type
ValueError: need more than 1 value to unpack
CGI Variables:
CONTEXT_DOCUMENT_ROOT '/home/username/www/site1/public_html'
DOCUMENT_ROOT '/home/username/www/site1/public_html'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT 'text/html,application/xhtml+xml,application/xml;q=0.9,*;q=0.8'
HTTP_ACCEPT_CHARSET 'windows-1251,utf-8;q=0.7,*;q=0.7'
HTTP_ACCEPT_ENCODING 'deflate'
HTTP_ACCEPT_LANGUAGE 'ru,en-us;q=0.7,en;q=0.3'
HTTP_CONNECTION 'close'
HTTP_HOST 'example.com'
HTTP_USER_AGENT 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0'
HTTP_X_FORWARDED_PROTOCOL 'https'
HTTP_X_REAL_IP '37.143.15.220'
PATH_INFO '/pages/index'
PATH_TRANSLATED 'redirect:/webapp/pages/index/index'
REMOTE_ADDR '37.143.15.220'
REMOTE_PORT '63698'
REQUEST_METHOD 'GET'
REQUEST_SCHEME 'http'
REQUEST_URI '/webapp/pages/index'
SCRIPT_FILENAME '/home/username/www/site1/webapp/webapp.wsgi'
SCRIPT_NAME '/webapp'
==================
_____________________
Mikhail.
Mikhail
Jan 20, 2019, 2:34:58 PM1/20/19
to TurboGears
Sorry for spam.
I forgot to mention errors themselves:
First one is
<class 'Cookie.CookieError'>: Illegal key value: ?>|utmccn
Second is
<type 'exceptions.ValueError'>: need more than 1 value to unpack
воскресенье, 20 января 2019 г., 22:28:03 UTC+3 пользователь Mikhail написал:
Craig Small
Jan 22, 2019, 6:52:50 AM1/22/19
to TurboGears
Hi,
On Mon, 21 Jan 2019 at 06:28, Mikhail <push...@gmail.com> wrote:
> Module paste.request:48 in get_cookies> Module Cookie:629 in load
It looks like a very old implementation! Ideally upgrading to the latest should fix most of the problems, but its a big job.
For the first error, I looked at the paste/request.py code[1] and it has a try/except clause, maybe your version doesn't have this?
> Module tg.decorators:128 in lookup_template_engine
> Module paste.util.mimeparse:108 in best_match
> Module paste.util.mimeparse:52 in parse_media_range
> Module paste.util.mimeparse:35 in parse_mime_type
> ValueError: need more than 1 value to unpack
> Module paste.util.mimeparse:108 in best_match
> Module paste.util.mimeparse:52 in parse_media_range
> Module paste.util.mimeparse:35 in parse_mime_type
> ValueError: need more than 1 value to unpack
> HTTP_ACCEPT 'text/html,application/xhtml+xml,application/xml;q=0.9,*;q=0.8'
Not sure what version of paste you have here, but the accept string looks ok to me so not sure why its choking on it.
The code[2] has some try/except clauses, unless something is breaking up the string strangely.
Probably not all the answers, but hope it helped a bit.
1: https://github.com/cdent/paste/blob/e9d05aaaf39846a77bb36a66bb066490ff85bb24/paste/request.py#L55
1: https://github.com/cdent/paste/blob/e9d05aaaf39846a77bb36a66bb066490ff85bb24/paste/request.py#L55
--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbogears+...@googlegroups.com.
To post to this group, send email to turbo...@googlegroups.com.
Visit this group at https://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
Mikhail
Jan 23, 2019, 10:13:42 AM1/23/19
to TurboGears
Thank you. I will look into this installation again on weekend.
And it seems time come to upgrade TG to newest version.
вторник, 22 января 2019 г., 14:52:50 UTC+3 пользователь Craig Small написал:
Reply all
Reply to author
Forward
0 new messages