
I am trying my hand at hosting a Django web app on my home server. I never fail to get weird requests from unknown IPs all around the world, such as the ones below:

Not Found: /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
162.243.145.13 - - [01/May/2023 04:55:57] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 -
Not Found: /owa/auth/x.js
162.243.136.25 - - [01/May/2023 04:59:38] "GET /owa/auth/x.js HTTP/1.1" 404 -
Not Found: /owa/auth/logon.aspx
162.243.136.25 - - [01/May/2023 05:02:45] "GET /owa/auth/logon.aspx HTTP/1.1" 404 -

Not Found: /_ignition/execute-solution
190.220.22.11 - - [01/May/2023 05:22:03] "POST /_ignition/execute-solution HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:05] "GET / HTTP/1.1" 200 -
Not Found: /script
190.220.22.11 - - [01/May/2023 05:22:06] "GET /script HTTP/1.1" 404 -
Not Found: /login
190.220.22.11 - - [01/May/2023 05:22:08] "GET /login HTTP/1.1" 404 -
Not Found: /jenkins/login
190.220.22.11 - - [01/May/2023 05:22:09] "GET /jenkins/login HTTP/1.1" 404 -
Not Found: /manager/html
190.220.22.11 - - [01/May/2023 05:22:11] "GET /manager/html HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:13] "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=8io439h1 HTTP/1.1" 200 -

64.62.197.92 - - [29/Apr/2023 06:29:53] "GET / HTTP/1.1" 200 -
64.62.197.105 - - [29/Apr/2023 06:36:38] "GET /favicon.ico HTTP/1.1" 302 -
64.62.197.97 - - [29/Apr/2023 06:37:55] "GET / HTTP/1.1" 200 -
Not Found: /geoserver/web/
64.62.197.92 - - [29/Apr/2023 06:39:41] "GET /geoserver/web/ HTTP/1.1" 404 -

183.136.225.32 - - [29/Apr/2023 07:27:30] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [29/Apr/2023 07:39:00] "GET /favicon.ico HTTP/1.1" 302 -
183.136.225.32 - - [29/Apr/2023 07:39:03] "GET /static/images/favicon.ico HTTP/1.1" 404 -
Not Found: /robots.txt
183.136.225.32 - - [29/Apr/2023 07:39:06] "GET /robots.txt HTTP/1.1" 404 -
183.136.225.32 - - [01/May/2023 12:14:06] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [01/May/2023 12:23:03] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [01/May/2023 12:23:29] "GET /favicon.ico HTTP/1.1" 302 -
183.136.225.32 - - [01/May/2023 12:23:31] "GET /static/images/favicon.ico HTTP/1.1" 404 -
Not Found: /robots.txt
183.136.225.32 - - [01/May/2023 12:23:34] "GET /robots.txt HTTP/1.1" 404 -

167.94.138.124 - - [01/May/2023 07:06:53] "GET / HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:54] "GET / HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:55] code 505, message Invalid HTTP version (2.0)
167.94.138.124 - - [01/May/2023 07:06:55] "PRI * HTTP/2.0" HTTPStatus.HTTP_VERSION_NOT_SUPPORTED -
167.94.138.124 - - [01/May/2023 07:06:56] "GET /static/images/favicon-32x32.png HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:57] "GET /favicon.ico HTTP/1.1" 302 -
167.94.138.124 - - [01/May/2023 07:06:58] "GET /static/images/favicon.ico HTTP/1.1" 404 -

My hosting of the web app is still on a test run, running on the development server with minimal security configuration.

I have set up a firewall with ufw on Ubuntu to allow only incoming requests to a certain port, from which I will be hosting the web app. That is all.

Just wondering, by looking at the request instances above, (1) what the person or bot behind these IPs is trying to do, (2) whether there are any significant security risks that I may have overlooked and, if so, (3) what I should do when switching from development to production to mitigate the risks, so that I can rest assured that my server and data are safe?

  • When you open up your web server to the world, the world will try to get in, and most of the world isn't nice :p That's just the regular flotsam and jetsam of hackers and script kiddies using known vulnerabilities of popular systems, hoping to get a foot in your door. Commented May 2, 2023 at 3:21
  • Most of the requests are harmless. The few that I do notice are from script kiddies. All of the requests are GET, so they are prodding your system for known responses (entry points). For a public Internet-facing web service, what you are experiencing is normal. You probably do not have a high-value site (based on the traffic), so the pros are not attempting to breach your site. Commented May 2, 2023 at 3:43
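
One way to triage a log like the one in the question, added here as an example and not part of the original post or its comments: the script labels each request by the product whose well-known path it asks for and keeps the method and status, so a probe that was answered with 200 stands out. The signature list and the function names are assumptions chosen for this log, not a complete ruleset.

```python
import re
from collections import defaultdict

# Sample lines copied from the dev-server log in the question.
SAMPLE_LOG = r'''Not Found: /owa/auth/logon.aspx
162.243.136.25 - - [01/May/2023 05:02:45] "GET /owa/auth/logon.aspx HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:03] "POST /_ignition/execute-solution HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:09] "GET /jenkins/login HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:11] "GET /manager/html HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:13] "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=8io439h1 HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:55] "PRI * HTTP/2.0" HTTPStatus.HTTP_VERSION_NOT_SUPPORTED -
183.136.225.32 - - [29/Apr/2023 07:39:06] "GET /robots.txt HTTP/1.1" 404 -
'''

# Assumed signature list: path patterns tied to products this app does not run.
SIGNATURES = [
    ("Microsoft Exchange (OWA/ECP)", re.compile(r"^/(owa|ecp)/", re.I)),
    ("Laravel Ignition", re.compile(r"^/_ignition/")),
    ("Jenkins", re.compile(r"^/jenkins/")),
    ("Apache Tomcat Manager", re.compile(r"^/manager/html")),
    ("ThinkPHP", re.compile(r"think\\app/invokefunction", re.I)),
    ("GeoServer", re.compile(r"^/geoserver/")),
]
LINE_RE = re.compile(r'^(\S+) - - \[[^\]]+\] "(\S+) (\S+) HTTP/[\d.]+" (\S+) -$')

def classify(target):
    """Return the product a request target is associated with, or None."""
    for label, pattern in SIGNATURES:
        if pattern.search(target):
            return label
    return None

def probes_by_ip(log_text):
    """Map each client IP to the (product, method, status) probes it sent."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Not Found: ..." lines carry no client or status
        ip, method, target, status = m.groups()
        label = classify(target)
        if label:
            found[ip].append((label, method, status))
    return dict(found)

if __name__ == "__main__":
    for ip, hits in probes_by_ip(SAMPLE_LOG).items():
        for label, method, status in hits:
            print(f"{ip}  {method:4} {status:3}  probe for {label}")
```

The ThinkPHP-style request shows status 200 only because Django routes on the path `/` and ignores the unknown query string.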
