[Flask] Webserver under attack

Ziirish ziirish at ziirish.info
Sat Dec 10 07:36:02 EST 2016


Running such an application with debug ON on a widely open server is kind of crazy.
The least you can do is to add an htaccess or something in front of your
application (that's relatively easy since you are running your application
through WSGI).
You should also think about setting up a firewall and opening your development port
just to a few IPs that are known to be trusted.

Search for the "python wsgi htaccess authentication" keywords.
Example:
http://stackoverflow.com/questions/11762068/apache-mod-wsgi-basic-authentication-for-django-app

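The two measures suggested above (an authentication layer in front of the WSGI application, and no debugger on a public interface), as an added stdlib-only example that is not from this thread or from the linked Stack Overflow answer. `hello_app` stands in for the Flask app (itself a WSGI callable); `USERS`, the salt and the credential are constructed placeholders.

```python
import base64
import hashlib
import hmac
SALT = b"constructed-salt-change-me"  # constructed; use a random per-user salt in practice
def _digest(password: str) -> str:
    # PBKDF2 so the stored credential is not a reversible plaintext
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()
USERS = {"dev": _digest("correct horse battery staple")}  # constructed dev credential

class BasicAuthMiddleware:  # WSGI wrapper: nothing reaches the inner app without valid credentials
    def __init__(self, app, users, realm="dev"):
        self.app, self.users, self.realm = app, users, realm

    def _authorized(self, header):
        if not header or not header.startswith("Basic "):
            return False
        try:
            user, _, pw = base64.b64decode(header[6:], validate=True).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return False
        # hash the candidate even for unknown users (uniform timing) and compare in constant time
        ok = hmac.compare_digest(_digest(pw), self.users.get(user, ""))
        return ok and user in self.users

    def __call__(self, environ, start_response):
        if self._authorized(environ.get("HTTP_AUTHORIZATION")):
            return self.app(environ, start_response)
        start_response("401 Unauthorized", [("WWW-Authenticate", f'Basic realm="{self.realm}"'),
                                            ("Content-Type", "text/plain")])
        return [b"authentication required\n"]

def refuse_public_debug(host: str, debug: bool) -> None:
    """Call before app.run(): the interactive debugger must never listen on a public address."""
    if debug and host not in ("127.0.0.1", "::1", "localhost"):
        raise RuntimeError(f"refusing to start with debug=True bound to {host}")

def basic_header(user: str, password: str) -> str:  # the header a client would send
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def hello_app(environ, start_response):  # stand-in for the Flask app, itself a WSGI app
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]

def call(app, auth_header=None):  # drive a WSGI app with a minimal constructed environ
    seen, environ = {}, {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if auth_header:
        environ["HTTP_AUTHORIZATION"] = auth_header
    body = b"".join(app(environ, lambda status, headers: seen.setdefault("status", status)))
    return seen["status"], body

protected = BasicAuthMiddleware(hello_app, USERS)  # serve `protected`, not the bare app
```

A real web server (Apache or nginx) in front of WSGI, with its own authentication and TLS, is the usual production shape; this middleware is the minimal in-process version of the same idea.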

* On Saturday, December 10, 2016 at 12:18 PM +0000, Bruno Colella <brn93 at live.it> wrote:
> My VPS is very essential, ssh on 22 (I know it should be changed), flask on 8000 and a webadmin panel on 10000, so nothing interesting.
> I'm quite used to php vulnerabilities and sqli, but I can't read that shellcode and I was worried it could be some kind of 0day.
> I can provide more data if needed.
> 
> @Christophe BAL and @David Baumgold: I have turned off debug mode, unfortunately I can't have dev and prod environment separate at the moment
> 
> Thanks
> 
> Bruno
> 
> 
> On 12/10/16 11:36 AM, reznov110 wrote:
> I don't really know what is going on, what I saw is shellcode junk, maybe someone tries to fuzz your webserver, is there any service that runs on the server with an open port for instance apache or ftp with an old version???
> 
> 
> Sent from a Samsung Galaxy smartphone.
> 
> -------- Original message --------
> From: Bruno Colella <brn93 at live.it>
> Date: 10.12.2016 4:33 (GMT+06:00)
> To: flask at python.org
> Subject: Re: [Flask] Webserver under attack
> 
> Hi everyone,
> 
> 
> I have a VPS with Ubuntu 14.04.4 LTS with a public IP and a small Flask application (at the moment Flask is also the WSGI). Flask is in Debug mode, I know this isn't a good security practice but I need it as it's still under development :(
> 
> I log everything and recently there was a rise of attacks: here is a sample of the logs <https://pastebin.com/z2MK6dwi>.
> 
> Always a different IP, and I've never seen this kind of attacks so I don't know if they are successful or not, my questions are:
> 
> 
>   *   What kind of attacks are these?
>   *   How can I verify if they hacked my VPS?
>   *   What is the best way to mitigate? Autoban for invalid requests?
> 
> Thanks in advance,
> 
> 
> Bruno
> 

> _______________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
