The interwebs is a scary place.<\/p>\n\n\n\n
I am working on a project where I am developing a webserver using Python as backend and HTML as frontend. With some help of my brother I created a Docker container containing the necessary resources for the website. I pushed the docker image to Azure Container Registry, used this image to deploy a container instance and connected the IP-address to a domain name.<\/p>\n\n\n\n
My brother recommended me to check the logs of the container, to see if things were working as expected. Once I did, I started seeing lines like below. The log excerpt below shows a series of HTTP GET requests attempting to access various .env files in different directories of the web server.\u00a0\u201cAttacks\u201d, if you will.<\/p>\n\n\n\n
The attacks came from multiple IP adresses, indicating a coordinated attack or a single user using multiple sources. A wide range of directory names were used in the access requests. The requests were made in rapid succession, which is typical of automated scanning tools.<\/p>\n\n\n\n
Interesting and scary stuff.<\/p>\n\n\n\n
Any of you similar experiences with the wild west of the internet?<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
IP-address 1 – – [14\/Oct\/2024 00:44:43] “[33mGET \/docker.env HTTP\/1.1[0m” 404 \u2013 <\/p>\n\n\n\n
IP-address 2 – – [14\/Oct\/2024 00:44:44] “[33mGET \/docker\/.env HTTP\/1.1[0m” 404 –<\/p>\n","protected":false},"excerpt":{"rendered":"
The interwebs is a scary place. I am working on a project where I am developing a webserver using Python as backend and HTML as frontend. With some help of my brother I created a Docker container containing the necessary resources for the website. I pushed the docker image to Azure Container Registry, used this…<\/p>\n