D
Deno

help

Odd server requests on my Delpoy project...

AAmaya10/18/2023
I was logging the requested paths to static files yesterday while troubleshooting an issue with a service worker... and there were some strange outliers that were definitely unrelated to the hosted page, can anyone tell me if this is normal noise? Here are some of the paths that got requested:
["_404","/nf_tracking.php","2023-10-17"]
["_404","/wp-22.php","2023-10-17"]
["_404","/wp-content/plugins/WordPressCore/include.php","2023-10-17"]
["_404","/wp-content/themes/intense/block-css.php","2023-10-17"]
["_404","/.env","2023-10-18"]
["_404","/.well-known/nodeinfo","2023-10-18"]
["_404","/.well-known/assetlinks.json","2023-10-17"]
["_404","/simple.php","2023-10-18"]
["_404","/nf_tracking.php","2023-10-17"]
["_404","/wp-22.php","2023-10-17"]
["_404","/wp-content/plugins/WordPressCore/include.php","2023-10-17"]
["_404","/wp-content/themes/intense/block-css.php","2023-10-17"]
["_404","/.env","2023-10-18"]
["_404","/.well-known/nodeinfo","2023-10-18"]
["_404","/.well-known/assetlinks.json","2023-10-17"]
["_404","/simple.php","2023-10-18"]
I'm not surprised to see random requests from web crawlers, but there were a lot of requests coming in for exposed WordPress (I assume) config files all at once. On the one hand, I not sure if I need to do anything as they just get a 404 response, but on the other hand, someone checking to see if a domain has things like a .env file exposed while I am looking at the requests feels a bit of... dbwhat
Eeric.uhd10/18/2023
That’s sucks because they get counted off our monthly requests limit
Ccknight10/18/2023
Welcome to public web hosting! Yes, this is 'normal', or rather expected. All my projects have this noise. I've even setup a middleware request logger which ignores these. E.g.
export async function handler(
req: Request,
ctx: MiddlewareHandlerContext<unknown>,
) {
const start = Date.now();
const resp = await ctx.next();
const url = req.url;
hitCount.set(url, (hitCount.get(url) || 0) + 1);

if (
//Ignore project specific files
!url.includes("favicon.ico")
&& !url.endsWith(".css")
&& !url.includes("_frsh")
&& !url.endsWith(".js")
//Ignore spam
&& !url.includes(".php")
&& !url.includes("/php")
&& !url.includes("/admin")
&& !url.includes("/user")
&& !url.includes("/wp")
&& !url.includes(".ini")
&& !url.includes("/.env")
&& !url.includes("/wp-includes/")
&& !url.includes(".git/")
&& !url.includes(".htaccess")
&& !url.includes("sitemap")
&& req.method === "GET"
) {
const referrer = req.headers.get("referer") || 'no-referer';
const region = Deno.env.get("DENO_REGION") || 'no-region';
console.log(`${req.method} ${region} ${url} ${resp.status} ${Date.now() - start}ms ${referrer} count: ${hitCount.get(url)}`);
}

return resp;
}
export async function handler(
req: Request,
ctx: MiddlewareHandlerContext<unknown>,
) {
const start = Date.now();
const resp = await ctx.next();
const url = req.url;
hitCount.set(url, (hitCount.get(url) || 0) + 1);

if (
//Ignore project specific files
!url.includes("favicon.ico")
&& !url.endsWith(".css")
&& !url.includes("_frsh")
&& !url.endsWith(".js")
//Ignore spam
&& !url.includes(".php")
&& !url.includes("/php")
&& !url.includes("/admin")
&& !url.includes("/user")
&& !url.includes("/wp")
&& !url.includes(".ini")
&& !url.includes("/.env")
&& !url.includes("/wp-includes/")
&& !url.includes(".git/")
&& !url.includes(".htaccess")
&& !url.includes("sitemap")
&& req.method === "GET"
) {
const referrer = req.headers.get("referer") || 'no-referer';
const region = Deno.env.get("DENO_REGION") || 'no-region';
console.log(`${req.method} ${region} ${url} ${resp.status} ${Date.now() - start}ms ${referrer} count: ${hitCount.get(url)}`);
}

return resp;
}
AAmaya10/18/2023
dbclappy Thank you, that's good to know! Filtering them out through middleware is probably a good solution. Should I continue responding with a standard 404 to these requests, or is there another way to let them know not to request those paths?
Ccknight10/19/2023
Just to be completely clear, the filter only applies to log messages not actual requests. But yes, 404 is usually the best response for these requests which discourages more in depth probing.

Looking for more? Join the community!