Background: Yesterday I started working on a simple metrics dashboard. I have a VBScript on my internal network that queries a database over a VPN from our vendor. I then do a simple HTTP POST to a node.js server listening on port 8000. I have zero security. All my script sends is a URL formatted like http://myserver.com:8000/name1,value2. The server then takes these and creates a new time series based on the first value, if it doesn't exist, and plots a point based on the second value. I pushed this to my public server yesterday about 2:00 PM.
This morning when I came in, there was a new time-series with the following URL as the name: http://testp2.czar.bielawa.pl/testproxy.php
Obviously I need to do some sort of validation that the data is coming from my network, but should I be concerned about this in general? What other steps should I take? The node.js server only parses the URL. It does not even try to process a payload. This data is not sensitive, it's just numbers of transactions for our customers and the customer names (which are publicly available).
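Added example, not part of the original post: one way to keep a request target like the one above from ever becoming a series name is to check the sender and accept only a strict `/name,value` path before creating anything. The allowlisted address, the name and value limits, and the function names are assumptions chosen for illustration.

```javascript
// Added example: strict validation for a "/name,value" metrics endpoint.
// ALLOWED_SOURCES and the name/value limits are assumptions, not from the post.
const ALLOWED_SOURCES = new Set(['203.0.113.10']); // constructed: office egress IP

// Series names: letters, digits, space, '_', '-', '.'; 1-64 chars (assumed policy).
const NAME_RE = /^[A-Za-z0-9 _.-]{1,64}$/;
// Values: plain non-negative decimal numbers only.
const VALUE_RE = /^\d{1,12}(\.\d{1,6})?$/;

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeAddress(addr) {
  return String(addr || '').replace(/^::ffff:/i, '');
}

// Returns {name, value} for a well-formed origin-form target, otherwise null.
function parseMetric(target) {
  // An absolute URL in the request target ("http://...") fails this check.
  if (typeof target !== 'string' || !target.startsWith('/')) return null;
  let path;
  try {
    path = decodeURIComponent(target.slice(1).split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const parts = path.split(',');
  if (parts.length !== 2) return null;
  const [name, raw] = parts;
  if (!NAME_RE.test(name) || !VALUE_RE.test(raw)) return null;
  return { name, value: Number(raw) };
}

// Decide on a request before any time series is created.
// `req` has the shape of Node's http.IncomingMessage (url, socket.remoteAddress).
function decide(req) {
  const source = normalizeAddress(req.socket && req.socket.remoteAddress);
  if (!ALLOWED_SOURCES.has(source)) return { status: 403 };
  const metric = parseMetric(req.url);
  if (!metric) return { status: 400 };
  return { status: 204, metric };
}

// Constructed requests: one from the script, one like the entry seen in the dashboard.
const good = { url: '/name1,42', socket: { remoteAddress: '::ffff:203.0.113.10' } };
const probe = { url: 'http://testp2.czar.bielawa.pl/testproxy.php',
                socket: { remoteAddress: '198.51.100.7' } };
console.log(decide(good), decide(probe));
```

Inside an `http.createServer` callback, call `decide(req)` first and only touch the time-series store when it returns a `metric`.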