Is the Rails 3.2.13 application running on my development machine?

I use "Thin" as my Rails server in my development environment. I noticed something that alerted me. I had taken a break ... no keystrokes on my machine. The terminal window in which Thin is running showed the following:

Started GET "/controller/method" for 127.0.0.1 at ...
Processing by ...Controller#method as HTML
Completed 401 Unauthorized in 58ms
Started GET "/users/sign_in" for 127.0.0.1 at 2013-08-16 11:47:02 -0400
Processing by Devise::SessionsController#new as HTML
...
Completed 200 OK in 178ms (Views: 22.3ms | ActiveRecord: 3.7ms)

Somewhere, my development machine responded to a request for a specific page that required authorization and presented someone with a sign-in screen. It was not in my car. No one in my office has the technical capabilities or interest to hack into my machine. So this must come from my wireless router or through our internet connection ... I guess.

In production, I have an access log that gives an IP address for everyone who accesses our site. Is there anything I can do to get that kind of information here? What can I do in my Rails configuration to confirm that this is really a hacking attempt?

I am asking about the Rails process here. Is there a StackExchange site that addresses security issues related to my router, internet connection, and development machine? Which one would that be?

Thanks.

+6
2 answers

It definitely looks like an automated hacking attempt. If you are using an older version of Rails, it can be forced to execute arbitrary controller methods like this, or if you have incorrectly configured the routes file.

Just a reminder to mark all the controller methods that you do not want exposed directly to the outside world as private or protected. Also double-check the routes file to make sure you avoid less secure route definitions such as match, where possible.

While this should not completely allay your security concerns, proactively restricting the access an attacker could gain can only serve your project for the better. In addition, you can configure Thin to bind to 127.0.0.1 instead of 0.0.0.0, thereby preventing external requests (if possible).

+4
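An added example, not code from the original question or either answer: a small Rack-style middleware in Ruby that writes the client IP of every request to an access-log sink, the way the production log the question mentions does, and can optionally refuse anything that does not arrive from the loopback interface (the in-process counterpart of binding Thin to 127.0.0.1). It assumes only the Rack calling convention (an env hash in, a [status, headers, body] triple out), so it runs without the rack gem; the class name, the log: and loopback_only: options, and the sample requests at the bottom are all constructed for this example.

```ruby
# Added example (not from the original question or answers): a Rack-style
# middleware that records the client IP of every request and, optionally,
# refuses requests that do not arrive from the loopback interface.
# It depends only on the Rack calling convention (env hash in,
# [status, headers, body] out), so it runs without the rack gem installed.
require 'ipaddr'

class ClientIpLogger
  # Loopback ranges for IPv4 and IPv6.
  LOOPBACK = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1')].freeze

  # app:           the next Rack app in the chain (the Rails app in practice)
  # log:           any callable that receives one access-log line (a String)
  # loopback_only: when true, non-loopback clients get a 403 before the app runs
  def initialize(app, log: ->(line) { $stdout.puts(line) }, loopback_only: false)
    @app = app
    @log = log
    @loopback_only = loopback_only
  end

  def call(env)
    ip     = env['REMOTE_ADDR'].to_s
    method = env['REQUEST_METHOD']
    path   = env['PATH_INFO']

    if @loopback_only && !self.class.loopback?(ip)
      # Refused before the Rails stack (and Devise) ever sees the request,
      # but still leaves a line saying who asked for what.
      @log.call(%(REJECTED #{ip} "#{method} #{path}" -> 403))
      return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
    end

    status, headers, body = @app.call(env)
    @log.call(%(#{ip} "#{method} #{path}" -> #{status}))
    [status, headers, body]
  end

  # True only for addresses inside 127.0.0.0/8 or equal to ::1;
  # an empty or unparsable REMOTE_ADDR counts as not loopback.
  def self.loopback?(ip)
    return false if ip.nil? || ip.empty?
    addr = IPAddr.new(ip)
    LOOPBACK.any? { |range| range.include?(addr) }
  rescue ArgumentError
    false
  end
end

# Constructed sample requests (not captured traffic) run through the
# middleware with a stand-in backend that always answers 200.
def demo_requests(loopback_only:)
  backend = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['ok']] }
  lines   = []
  app     = ClientIpLogger.new(backend, log: ->(l) { lines << l }, loopback_only: loopback_only)

  requests = [
    { 'REMOTE_ADDR' => '127.0.0.1',    'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/users/sign_in' },
    { 'REMOTE_ADDR' => '192.168.1.50', 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/controller/method' }
  ]
  statuses = requests.map { |env| app.call(env).first }
  { statuses: statuses, lines: lines }
end

if __FILE__ == $PROGRAM_NAME
  demo_requests(loopback_only: true)[:lines].each { |l| puts l }
end
```

In a Rails app this would be enabled from config/environments/development.rb with config.middleware.use ClientIpLogger. Binding the server to loopback as the answer suggests (thin start -a 127.0.0.1, or rails server -b 127.0.0.1) stops an outside request before it reaches the process at all; the loopback_only flag here is a second, in-process check whose advantage is that it also leaves a log line naming the source address.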

Oh man, it was that simple. I can't believe it took me so long to figure out. Safari has the "Top Sites" feature. Whenever I open a new tab, Top Sites is the page that is displayed. Some of my top sites are pinned by dragging and dropping the URL onto the Top Sites icon. The rest consists of other pages that are viewed most often. After changing the code, I often look at the page to make sure there are no errors. Top Sites tries to display some of these pages. Viewing these pages requires authorization. Top Sites was trying to hack my development server. =]

+1

Source: https://habr.com/ru/post/951903/
