On 7/26/24 09:21, Elias Rudberg wrote:
> Yes, there are strange-looking long queries there at the times when these errors happen.
> Here is an example of what such a request URL looks like, where I have replaced some parts with [...] to avoid including anything sensitive:

I see similar ones from time to time.

> I looked up the IP address that those requests come from (all seem to come from the same IP address) and that corresponds to a hostname called something with "scanner" that looks like it belongs to some cybersecurity company. There are also many other requests from that same IP address, including things like "GET /file://etc/passwd" and similar, so it looks like someone is bombarding us with various weird requests as a form of "scanning" where they are trying to find vulnerabilities. That could also explain why we see those "Internal Server Error" errors recurring every day, if they run that vulnerability scan daily.

Yes, I think these are attempts to find vulnerabilities.

> So maybe those strange request URLs that lead to the error messages "[Django] ERROR (EXTERNAL IP): Internal Server Error" that we are seeing, are constructed by someone who is actively trying to trigger bugs.

I don't think this is a DOS attack or an attempt to trigger bugs. I think they are attempts to find and then exploit vulnerabilities.

> But anyway, no matter what strange request URL comes in, I guess the "Internal Server Error" indicates something going wrong in Mailman or in Django, a bug in how the request is processed?

I'm not certain, but I think it's a Django issue rather than a Mailman issue. In my case, I don't get that many and I just ignore them.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
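
An added example, not part of the original message: a triage script that checks whether the 500 responses in a web access log come from the same client that also sends probe requests such as the "GET /file://etc/passwd" mentioned above. The log lines, IP addresses, paths and marker list are constructed for illustration and assume the common "combined" access log format.

```python
import re
from collections import defaultdict

# Constructed sample in "combined" log format; IPs are documentation ranges
# and every path except /file://etc/passwd is made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jul/2024:03:10:01 +0000] "GET /file://etc/passwd HTTP/1.1" 404 179 "-" "scanner"
203.0.113.7 - - [26/Jul/2024:03:10:02 +0000] "GET /app/search?q=%27%22%3E%3Cx HTTP/1.1" 500 145 "-" "scanner"
203.0.113.7 - - [26/Jul/2024:03:10:03 +0000] "GET /app/search?page=-1%00 HTTP/1.1" 500 145 "-" "scanner"
198.51.100.20 - - [26/Jul/2024:08:15:44 +0000] "GET /app/list/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [26/Jul/2024:09:01:12 +0000] "GET /app/list/?sort=date HTTP/1.1" 500 145 "-" "Mozilla/5.0"
this line is not a log entry and is skipped
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Assumed heuristic: substrings that no legitimate client of the site requests.
PROBE_MARKERS = ("file://", "etc/passwd", "../", "%2e%2e")


def summarize(log_text):
    """Per-client counts of requests, 500 responses and probe-like requests."""
    stats = defaultdict(lambda: {"requests": 0, "errors_500": 0, "probes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not access-log entries
        ip, _method, target, status = m.groups()
        entry = stats[ip]
        entry["requests"] += 1
        if status == "500":
            entry["errors_500"] += 1
        if any(marker in target.lower() for marker in PROBE_MARKERS):
            entry["probes"] += 1
    return dict(stats)


def attribute_500s(log_text):
    """List (ip, 500_count, also_sent_probes), busiest source of 500s first."""
    rows = [(ip, s["errors_500"], s["probes"] > 0)
            for ip, s in summarize(log_text).items() if s["errors_500"]]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for ip, count, probing in attribute_500s(SAMPLE_LOG):
        label = "also sent probe requests" if probing else "no probe requests seen"
        print(f"{ip}: {count} x 500, {label}")
```

A 500 from a client that sent no probe requests, like the last sample entry, is the kind worth looking at as an ordinary application error.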