3

I am a developer and therefore I have very little knowledge of security. So I need some help understanding the attack on a website which we launched recently for one of our clients. The website is built on Ruby on Rails and hosted on EC2 Ubuntu.

In the website log I see a lot of requests which are unusual; below are a few examples. Please let me know ways to tackle this. Thanks.

GET "/jquery/jQuery-File-Upload-jquery-ui/server/node/tmp/?C=D;O=A"

GET "/manager/html" for

GET "/phpBB3/images/avatars/"

GET "/phpmyadmin/scripts/setup.php"

GET "/w00tw00t.at.blackhats.romanian.anti-sec:)"

Pramodtech
  • 7
    I take it when you say you have very little knowledge of security you mean with regards to a hardware layer. As a developer you should have knowledge of security as you should be making your code as secure as possible for what it needs to do/store – TommyBs Mar 03 '14 at 10:56
  • 13
    Hi Pramodtech, welcome to [security.se]. I apologize if this will sound gruff, but I take personal offence at your statement "a developer and therefore I have very little knowledge of security". *I* am a developer, and though my personal focus is on security, every programmer must be well-versed in at least the basics of security. Saying "I just write code, so I don't know much about security" is akin to saying "I just drive my car, so I don't know much about road safety". Seriously, if you feel you don't know much about road safety, step away from the vehicle until you learn the basics. – AviD Mar 03 '14 at 12:09
  • 2
    It's not that I don't know anything about security. I do follow some best practices in Rails; also, we use tools to analyze code quality which give reports on security loopholes if there are any in our code. So on the code level, yes, I do take necessary steps. But in this case I simply don't know what someone is trying with these requests and what impact it can have on my application. – Pramodtech Mar 03 '14 at 13:51
  • Fair enough, so you really meant "... very little knowledge about web attacks". Though even then, that is far from optimal... Better, but not great. :-) – AviD Mar 03 '14 at 14:56

2 Answers

14

Ignore them.

They look like automated scripts looking for common vulnerabilities in sites on the Internet. You say your site is built using RoR so the server most likely doesn't contain software like phpmyadmin. You won't be affected.

  • 1
    Thanks Terry! I was just wondering, is it going to unnecessarily overload my website? These requests are very frequent and have been happening for the last 2-3 weeks. I thought of blocking IPs but they are random IPs. Maybe I can write some rule that ignores such requests so they are not processed by the web server. – Pramodtech Mar 03 '14 at 06:10
  • 2
    Unless you're doing something unusual to handle nonexistent pages, the load will not be a problem. Even my personal webserver running on a 15-year-old desktop computer can hand out dozens of 404 errors per second. – Mark Mar 03 '14 at 08:29
  • 4
    I see that MySQL port 3306 is open to all. I think I should restrict the source IP to only my webserver since I don't intend to connect to MySQL remotely. – Pramodtech Mar 03 '14 at 13:45
0

I have been running a website on my personal server for a number of years now. I get those requests constantly. They are just bots scanning for vulnerabilities. Check your firewall and close any ports that are not required.
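
A way to check the "automated scanner noise" reading against your own log, as an added Ruby example that is not part of the original posts: it parses Rails `Started ...` request lines and separates probes for software a Rails host does not run from real application traffic. The log lines, the IP addresses (documentation ranges) and the signature list are constructed assumptions.

```ruby
# SAMPLE_LOG is constructed for this example; the paths are the ones quoted in the question.
SAMPLE_LOG = <<~LOG
  Started GET "/jquery/jQuery-File-Upload-jquery-ui/server/node/tmp/?C=D;O=A" for 198.51.100.7 at 2014-03-03 06:01:10 +0000
  Started GET "/phpmyadmin/scripts/setup.php" for 192.0.2.10 at 2014-03-03 06:01:12 +0000
  Started GET "/manager/html" for 192.0.2.10 at 2014-03-03 06:01:13 +0000
  Started GET "/w00tw00t.at.blackhats.romanian.anti-sec:)" for 198.51.100.7 at 2014-03-03 06:02:40 +0000
  Started GET "/phpBB3/images/avatars/" for 203.0.113.5 at 2014-03-03 06:05:02 +0000
  Started GET "/products/12" for 203.0.113.20 at 2014-03-03 06:05:09 +0000
  Processing by ProductsController#show as HTML
LOG

# Signatures for software a Rails-only host does not run (assumed list, extend as needed).
FOREIGN_STACK = {
  php:     %r{\.php(\z|[/?])|/phpmyadmin|/phpbb}i,
  tomcat:  %r{\A/manager/html}i,
  scanner: %r{\A/w00tw00t}i,
  listing: %r{\?C=[NMSD];O=[AD]\z} # Apache directory-index sort query
}.freeze
STARTED = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at /

def classify(path)
  FOREIGN_STACK.each { |label, re| return label if path =~ re }
  :app
end

def triage(log)
  report = { probes: Hash.new(0), probe_ips: Hash.new(0), app_requests: 0, other: 0 }
  log.each_line do |line|
    m = STARTED.match(line.strip)
    label = m && classify(m[:path])
    if m.nil?           then report[:other] += 1        # not a request line
    elsif label == :app then report[:app_requests] += 1 # needs normal review
    else
      report[:probes][label] += 1
      report[:probe_ips][m[:ip]] += 1
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  r = triage(SAMPLE_LOG)
  puts "probes by kind:       #{r[:probes]}"
  puts "probes by source:     #{r[:probe_ips]}"
  puts "application requests: #{r[:app_requests]}"
end
```

Anything counted under `app_requests` is traffic aimed at routes the application could actually serve, so that bucket is the one worth reading by hand.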