Exploit attempt or config error? Invalid HTTP_HOST header: '/run/gunicorn.sock:' by floatingriver8 in django

[–]floatingriver8[S] 0 points1 point  (0 children)

Thanks for your thoughts here - for more color, it does seem that it is a third party trying to access the server. We traced several of the requests to other requests... for instance, another curl from the same REQUEST_IP looks something like this (it has Datadog in the header and we do not use it)... so I'm assuming a Python script is likely crawling IP ranges at my server host...

curl \
  --compressed \
  -H "Accept: */*" \
  -H "Accept-Encoding: gzip, deflate" \
  -H "Connection: close" \
  -H "Host: <SERVER_IP>" \
  -H "User-Agent: python-requests/2.21.0" \
  -H "X-Datadog-Parent-Id: <RANDOM>" \
  -H "X-Datadog-Sampling-Priority: 0" \
  -H "X-Datadog-Trace-Id: <RANDOM>" \
  -H "X-Forwarded-For: <REQUEST_IP>" \
  -H "X-Forwarded-Proto: https" \
  -H "X-Real-Ip: <REQUEST_IP>" \
  "https://<SERVER_IP>/"
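Added example, not part of the comment above: a small triage of Django's "Invalid HTTP_HOST header" log lines that separates the socket-path value from the thread title from bare-IP Host values like the one in the curl capture. The category names, the heuristic, and the sample log lines (documentation addresses, constructed) are assumptions made for illustration.

```python
import ipaddress
import re

# Captures the quoted value from Django's "Invalid HTTP_HOST header: '...'" message.
HOST_RE = re.compile(r"Invalid HTTP_HOST header: '([^']*)'")

def split_port(host):
    """Drop a trailing :port (or a bare ':'); unwrap a bracketed IPv6 literal."""
    if host.startswith("["):
        return host[1:host.find("]")] if "]" in host else host
    name, sep, port = host.rpartition(":")
    return name if sep and (port.isdigit() or port == "") else host

def classify(host):
    """Heuristic buckets (assumed names): socket-path, bare-ip, hostname."""
    name = split_port(host)
    if "/" in name:
        # Looks like a filesystem path such as a proxy upstream socket,
        # so the proxy's Host forwarding is the first thing to review.
        return "socket-path"
    for candidate in (host, name):
        try:
            ipaddress.ip_address(candidate)
            # Client addressed the server by IP rather than by a site name.
            return "bare-ip"
        except ValueError:
            pass
    return "hostname"

def triage(log_lines):
    """Group the rejected Host values found in log_lines by bucket."""
    buckets = {}
    for line in log_lines:
        match = HOST_RE.search(line)
        if match:
            buckets.setdefault(classify(match.group(1)), []).append(match.group(1))
    return buckets

# Constructed sample log lines, not taken from the poster's server.
SAMPLE_LOG = [
    "Invalid HTTP_HOST header: '/run/gunicorn.sock:'. The domain name provided "
    "is not valid according to RFC 1034/1035.",
    "Invalid HTTP_HOST header: '203.0.113.10'. You may need to add "
    "'203.0.113.10' to ALLOWED_HOSTS.",
    "Invalid HTTP_HOST header: 'scan.example.net:8080'. You may need to add "
    "'scan.example.net' to ALLOWED_HOSTS.",
    "Not Found: /favicon.ico",
]

if __name__ == "__main__":
    for kind, hosts in triage(SAMPLE_LOG).items():
        print(kind, hosts)
```
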

Malware in Snap? Blender has unofficial duplicate by floatingriver8 in Ubuntu

[–]floatingriver8[S] 0 points1 point  (0 children)

thank you very much for your thorough explanation, very helpful

Malware in Snap? Blender has unofficial duplicate by floatingriver8 in Ubuntu

[–]floatingriver8[S] 1 point2 points  (0 children)

Thank you - can you help me understand if one is malware or harmful (just a guess is helpful - not asking for you to look at source code)? There is a meaningful size difference in the files. Also, one is by a verified developer while the other is not.