I have to admit that I am quite new to DevOps (and I was very happy that mupx made it so easy for me to get my app running on an EC2 instance!). Today I had a look at the server logs and was a bit puzzled when I saw entries like these:
Error: url must be a relative URL: http://dhg.pisz.pl/httptest.php
at [object Object]._.extend.classify (packages/routepolicy/routepolicy.js:107:1)
at IsAppUrl (packages/meteorhacks_fast-render/lib/server/utils.js:19:1)
at [object Object].filterFunction (packages/meteorhacks_fast-render/lib/server/routes.js:6:1)
at [object Object].PickerImp._dispatch (packages/meteorhacks_picker/packages/meteorhacks_picker.js:44:1)
at processNextSubRouter (packages/meteorhacks_picker/packages/meteorhacks_picker.js:80:1)
at processNextRoute (packages/meteorhacks_picker/packages/meteorhacks_picker.js:73:1)
at processNextMiddleware (packages/meteorhacks_picker/packages/meteorhacks_picker.js:56:1)
at [object Object].PickerImp._dispatch (packages/meteorhacks_picker/packages/meteorhacks_picker.js:50:1)
at Object.Package [as handle] (packages/meteorhacks_picker/packages/meteorhacks_picker.js:140:1)
at next (/bundle/bundle/programs/server/npm/webapp/node_modules/connect/lib/proto.js:190:15)
The URLs vary, but they are all coming from strange domains (mostly from Poland). Does anyone with more experience than me have an explanation what might be happening here. For my noob eyes, it looks like a hacker / injection attempt.
BTW: Is there any guide / tutorial out there on how to “harden” a mupx/Ubuntu based Meteor set-up?
Definitely a hack attempt, but too bad they don’t realize you’re running a Node.js server.
You could edit your nginx config to block requests like these. I guess if it were me in your position, I’d make it so any requests that end in “.php” would be redirected to a website full of popup ads.
That’s normal, we are also having such logs from bots that try to access /phpmyadmin or other typical urls from plugins or frameworks that maybe have a vulnerability.
Googled it. Thought about clicking on it. Decided not to.
Good, good choice. I still think you should know that it is about well, eels, a funnel, bodily exits and two japanese women trying to bring the deep space program for other organisms available by launching them. Happy dreaming!