Amaya
Amaya10mo ago

Odd server requests on my Delpoy project...

I was logging the requested paths to static files yesterday while troubleshooting an issue with a service worker... and there were some strange outliers that were definitely unrelated to the hosted page, can anyone tell me if this is normal noise? Here are some of the paths that got requested: 
["_404","/nf_tracking.php","2023-10-17"]
["_404","/wp-22.php","2023-10-17"]
["_404","/wp-content/plugins/WordPressCore/include.php","2023-10-17"]
["_404","/wp-content/themes/intense/block-css.php","2023-10-17"]
["_404","/.env","2023-10-18"]
["_404","/.well-known/nodeinfo","2023-10-18"]
["_404","/.well-known/assetlinks.json","2023-10-17"]
["_404","/simple.php","2023-10-18"]
["_404","/nf_tracking.php","2023-10-17"]
["_404","/wp-22.php","2023-10-17"]
["_404","/wp-content/plugins/WordPressCore/include.php","2023-10-17"]
["_404","/wp-content/themes/intense/block-css.php","2023-10-17"]
["_404","/.env","2023-10-18"]
["_404","/.well-known/nodeinfo","2023-10-18"]
["_404","/.well-known/assetlinks.json","2023-10-17"]
["_404","/simple.php","2023-10-18"]
I'm not surprised to see random requests from web crawlers, but there were a lot of requests coming in for exposed WordPress (I assume) config files all at once. On the one hand, I not sure if I need to do anything as they just get a 404 response, but on the other hand, someone checking to see if a domain has things like a .env file exposed while I am looking at the requests feels a bit of... dbwhat
4 Replies
Kofi GOLO
Kofi GOLO10mo ago
That’s sucks because they get counted off our monthly requests limit
cknight
cknight10mo ago
Welcome to public web hosting! Yes, this is 'normal', or rather expected. All my projects have this noise. I've even setup a middleware request logger which ignores these. E.g. 
export async function handler(
  req: Request,
  ctx: MiddlewareHandlerContext<unknown>,
) {
  const start = Date.now();
  const resp = await ctx.next();
  const url = req.url;
  hitCount.set(url, (hitCount.get(url) || 0) + 1);

  if (
      //Ignore project specific files
      !url.includes("favicon.ico") 
      && !url.endsWith(".css")
      && !url.includes("_frsh") 
      && !url.endsWith(".js")
      //Ignore spam 
      && !url.includes(".php") 
      && !url.includes("/php") 
      && !url.includes("/admin") 
      && !url.includes("/user") 
      && !url.includes("/wp") 
      && !url.includes(".ini") 
      && !url.includes("/.env") 
      && !url.includes("/wp-includes/")
      && !url.includes(".git/")
      && !url.includes(".htaccess")
      && !url.includes("sitemap")
      && req.method === "GET"
  ) {
    const referrer = req.headers.get("referer") || 'no-referer';
    const region = Deno.env.get("DENO_REGION") || 'no-region';
    console.log(`${req.method} ${region} ${url} ${resp.status} ${Date.now() - start}ms ${referrer} count: ${hitCount.get(url)}`);
  }

  return resp;
}
export async function handler(
  req: Request,
  ctx: MiddlewareHandlerContext<unknown>,
) {
  const start = Date.now();
  const resp = await ctx.next();
  const url = req.url;
  hitCount.set(url, (hitCount.get(url) || 0) + 1);

  if (
      //Ignore project specific files
      !url.includes("favicon.ico") 
      && !url.endsWith(".css")
      && !url.includes("_frsh") 
      && !url.endsWith(".js")
      //Ignore spam 
      && !url.includes(".php") 
      && !url.includes("/php") 
      && !url.includes("/admin") 
      && !url.includes("/user") 
      && !url.includes("/wp") 
      && !url.includes(".ini") 
      && !url.includes("/.env") 
      && !url.includes("/wp-includes/")
      && !url.includes(".git/")
      && !url.includes(".htaccess")
      && !url.includes("sitemap")
      && req.method === "GET"
  ) {
    const referrer = req.headers.get("referer") || 'no-referer';
    const region = Deno.env.get("DENO_REGION") || 'no-region';
    console.log(`${req.method} ${region} ${url} ${resp.status} ${Date.now() - start}ms ${referrer} count: ${hitCount.get(url)}`);
  }

  return resp;
}
Amaya
Amaya10mo ago
dbclappy Thank you, that's good to know! Filtering them out through middleware is probably a good solution. Should I continue responding with a standard 404 to these requests, or is there another way to let them know not to request those paths?
cknight
cknight10mo ago
Just to be completely clear, the filter only applies to log messages not actual requests. But yes, 404 is usually the best response for these requests which discourages more in depth probing.
More Posts
error on installingi do not know if im doing it right or something elseDeno equivalent os.cpus().lengthWhat’s the Deno Equivalent for `os.cpus().length`?How can I get deno to access internal packages from a workspace in npm or bun?I have the following workspace setup. I would like to have a deno/oak/kv project in the same folderHow to resolve requires without `.js` extension in a very basic NPM resolver?I have an NPM resolver that without caching that expects everything to be in a `node_modules` folderHow do I have a subrouter in Oak?I want to use a subrouter in oak to handle part of the routing, how would I do that in Oak? here is rust ffi buffer overflowhi, do i have to null-terminate array when using rust ffi? i'm getting buffer overflows. ```rs #[no_How to actually sign out using deno_kv_authNot sure if bug or feature, but I have problems signing out from deno_kv_auth. I'm using Auth0 for tDistroless Docker image fails with `libc.so: cannot open shared object file: No such file`I am building a 1:1 with a Node project using the same base for a docker image `distroless/cc`. BothBootstrapping a minimal node-compatible runtimeI'm trying to bootstrap a minimal node-compatible runtime, so I've basically been copying and pastinI want to adjust around tls using fetch APIWith nodejs, you could specify a cipher suite or version to be used with tls. Can't you do the same