Error mails from hacking/snooping attempts #56

New Issue

Open

opened 2024-12-04 13:34:28 +01:00 by ansv7779 · 1 comment

ansv7779 commented 2024-12-04 13:34:28 +01:00

Owner

Copy Link

A lot of random HTTP requests are sent to try and find known vulnerabilities for various frameworks.

For example the following requests

2024-12-04 13:13:03 "GET /wicket/resource/org.apache.wicket.Application/portal/diag/index.jsp HTTP/1.1" 401

2024-12-04 13:13:03 [WARN] ResourceReferenceRegistry: A ResourceReference wont be created for a resource with key [scope: org.apache.wicket.Application; name: portal/diag/index.jsp; locale: null; style: null; variation: null] because it cannot be located.

2024-12-04 13:13:03 "GET /wicket/resource/portal/diag/index.jsp HTTP/1.1" 401 3248 112788 "-"

2024-12-04 13:13:03 [WARN] WicketObjects: Could not resolve class [portal]
java.lang.ClassNotFoundException: portal

Since we have a rather aggressive mailing in place, each log at level warning or higher, each such attempt generates an error mail. This results in way too many mails and we may miss mails we may want to catch for real problems.

Find a way to prevent these mails from going out in production while keeping them around in development to help find any potential mistakes.

A lot of random HTTP requests are sent to try and find known vulnerabilities for various frameworks. For example the following requests ``` 2024-12-04 13:13:03 "GET /wicket/resource/org.apache.wicket.Application/portal/diag/index.jsp HTTP/1.1" 401 2024-12-04 13:13:03 [WARN] ResourceReferenceRegistry: A ResourceReference wont be created for a resource with key [scope: org.apache.wicket.Application; name: portal/diag/index.jsp; locale: null; style: null; variation: null] because it cannot be located. ``` ``` 2024-12-04 13:13:03 "GET /wicket/resource/portal/diag/index.jsp HTTP/1.1" 401 3248 112788 "-" 2024-12-04 13:13:03 [WARN] WicketObjects: Could not resolve class [portal] java.lang.ClassNotFoundException: portal ``` Since we have a rather aggressive mailing in place, each log at level warning or higher, each such attempt generates an error mail. This results in way too many mails and we may miss mails we may want to catch for real problems. Find a way to prevent these mails from going out in production while keeping them around in development to help find any potential mistakes.

ansv7779 added the

new

label 2024-12-04 13:34:42 +01:00

ansv7779 commented 2024-12-04 15:08:59 +01:00

Author

Owner

Copy Link

A lot of these problems will probably go away if #27 gets merged since at that point all of Wicket (where most of the warnings come from) will require an authenticated user.

A lot of these problems will probably go away if #27 gets merged since at that point all of Wicket (where most of the warnings come from) will require an authenticated user.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

update-prettier-format-on-save

milestones-not-activating

master

testcontainers

project-type-lost-application-period-creation

oauth2-login

branch-deploy

release-291

release-290

release-289

release-288

release-287

release-284

release-283

release-282

release-281

release-280

release-279

release-278

release-277

release-276

release-275

release-274

release-273

release-271

release-270

release-269

release-268

release-267

release-266

release-265

release-264

release-263

release-262

release-261

release-260

release-259

release-258

release-257

release-256

release-255

release-254

release-253

release-252

release-251

release-250

release-249

release-248

release-247

release-246

release-245

release-244

release-243

release-242

release-241

release-240

release-239

release-238

release-237

release-236

release-235

release-234

release-233

release-232

release-231

release-230

release-229

release-228

release-227

release-226

release-225

release-224

release-223

release-222

release-221

release-220

release-219

release-218

release-217

release-216

release-215

release-214

release-213

release-212

release-211

release-210

release-209

release-208

release-207

release-206

release-205

release-204

release-203

release-202

release-201

release-200

release-199

release-198

release-197

release-196

release-195

release-194

release-193

release-192

release-191

release-190

release-189

release-188

release-187

release-186

release-185

release-184

release-183

release-182

release-181

release-180

release-179

release-178

release-177

release-175

release-174

release-173

release-172

release-171

release-170

release-169

release-168

release-167

release-166

release-165

release-164

release-163

release-162

release-161

release-160

release-159

release-158

release-157

release-156

release-155

release-154

release-152

release-151

release-150

release-149

release-148

release-147

release-146

release-145

release-144

release-143

release-142

release-141

release-140

release-139

release-138

release-137

release-136

release-135

release-134

release-133

release-132

release-131

release-130

release-129

release-128

release-127

release-126

release-125

release-124

release-120

release-119

release-118

release-117

release-116

release-115

release-114

release-113

release-112

release-111

release-110

release-109

release-108

release-107

release-106

release-105

release-104

release-103

release-102

release-101

release-100

release-99

release-98

release-97

release-96

release-95

release-94

release-93

release-92

release-91

release-90

release-89

release-88

release-87

release-86

release-85

release-84

release-83

release-82

release-81

release-80

release-79

release-78

release-77

release-75

release-74

release-73

release-2015-01-21_01-43-10

release-2015-01-16_13-58-21

release-2015-01-14_23-29-05

release-2015-01-12_19-19-12

release-2015-01-05_14-42-00

release-2014-12-14_20-43-16

release-2014-12-09_12-38-01

release-2014-12-01_22-46-42

release-2014-12-01_03-52-02

release-2014-11-25_02-38-44

release-2014-11-07_00-19-08

release-2014-10-29_03-09-05

release-2014-10-20_05-31-21

release-2014-10-18_01-41-15

release-2014-10-13_23-32-12

release-2014-10-13_08-42-56

release-2014-09-12_04-32-23

release-2014-08-28_16-01-59

release-2014-08-28_05-21-30

release-2014-08-20_13-28-07

release-2014-08-19_16-58-15

release-2014-08-19_14-03-31

release-2014-07-30_10-58-12

release-2014-07-17_15-40-18

release-2014-06-27_02-59-33

release-2014-06-03_05-58-50

release-2014-05-27_05-28-36

release-2014-05-27_02-23-47

release-2014-05-19_20-32-59

release-2014-05-16_17-09-30

release-2014-05-09_06-12-15

release-2014-04-25_06-47-30

release-2014-04-11_09-43-06

release-2014-04-11_07-44-26

release20140411

release-2014-04-10_10-24-17

release-2014-04-08_17-09-06

release-2014-04-08_09-18-21

release-2014-04-04_12-51-51

release-2014-04-01_15-20-30

release-2014-03-27_17-09-01

release-2014-03-27_13-53-50

release-2014-03-26_16-03-09

release-2014-03-14_16-51-04

release-2014-03-13_16-21-44

release-2014-03-13_13-44-31

release-2014-03-06_17-04-04

release-2014-03-06_14-40-27

release-2014-03-05_16-11-47

release-2014-03-05_15-17-07

release-2014-02-20_10-05-22

release-2014-02-18_18-52-52

release-2014-02-18_17-39-07

release-2014-02-18_14-07-18

release-2014-02-18_12-56-20

release-2014-02-11_09-10-21

20131106

20131104

20131031

20131029c

20131029b

20131029

20131025b

20131025

20131024c

20131024b

20131024

20131023

20131015b

20131015

20131010

20130913

20130906

20130823

20130816

20130809

20130607

20130531

20130524b

20130524

20130520b

fix20130520

20130517

20130510

20130503

20130426

201

20130419

20130412b

20130412

20130405

20130322

20130319

20130315

20130308

20130301

20130220

20130215

20120208

20130204-2

20130204

20130201

20130125

20130121

20130118b

20130118

20130117

20130114b

20130116

20130114

20121221

20121204

20121123

20121119

20121112

20121102d

20121102c

20121102b

20121102

20121026

20121024

20121019

2012-10-15

20121010d

20121010c

20121010b

20121010

20121009

20121005

20120928

2012-09-19

20120917

2012-09-15

20120911

20121003

20120827c

20120827b

20120827

20120821b

20120821

20120819d

20120819c

20120819

20120819b

20120817

20120815

20120814

20120813

20120810

20120731

20120720

20120625

20120614

20120607

20120605

20120601

20120525

20120521

20120520

20120515

20120511

2012-05-07

20120501

20120430

20120420

20120401

20120326

20120323

20120320

20120308

20120306

20120129b

20120229

20120227

20120224b

20120224

second20120215

20120215

20120213

20120203

20120130

20120126

20120123

20120113

20120109

20120102

2011-12-21

2011-12-08

2011-12-07

2011-11-14

2011-11-10

2011-11-07

2011-10-27

2011-10-25

2011-09-21

2011-09-09

2011-08-24

2011-08-22

2011-07-21

2011-07-18

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

new

To be discussed at the next meeting

  

question

More information is needed

  

wontfix

This won't be fixed

No Label

bug

duplicate

enhancement

help wanted

invalid

new

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: DMC/scipro#56

No description provided.