The interwebs is a scary place.

I am working on a project where I am developing a webserver using Python as backend and HTML as frontend. With some help of my brother I created a Docker container containing the necessary resources for the website. I pushed the docker image to Azure Container Registry, used this image to deploy a container instance and connected the IP-address to a domain name.

My brother recommended me to check the logs of the container, to see if things were working as expected. Once I did, I started seeing lines like below. The log excerpt below shows a series of HTTP GET requests attempting to access various .env files in different directories of the web server. “Attacks”, if you will.

The attacks came from multiple IP adresses, indicating a coordinated attack or a single user using multiple sources. A wide range of directory names were used in the access requests. The requests were made in rapid succession, which is typical of automated scanning tools.

Interesting and scary stuff.

Any of you similar experiences with the wild west of the internet?

IP-address 1 – – [14/Oct/2024 00:44:43] “[33mGET /docker.env HTTP/1.1[0m” 404 –

IP-address 2 – – [14/Oct/2024 00:44:44] “[33mGET /docker/.env HTTP/1.1[0m” 404 –