I've got my server set up correctly (I hope) and on an https connection, and I *think* I've got it set up so mailman-web will only respond on localhost:8000, but I occasionally get a flood of emails like this:
Internal Server Error: /admin/login/
DoesNotExist at /admin/login/ Site matching query does not exist.
Followed by a bunch of Django stuff, followed by
HTTP__X__CLIENT_IP = '127.0.0.1' HTTP__X__FORWARDED_FOR = '127.0.0.1, 185.177.72.38' HTTP__X__FORWARDED_HOST = '96.126.110.20' HTTP__X__FORWARDED_SERVER = 'list.xcski.com' HTTP__X__FORWARED = '127.0.0.1' HTTP__X__HOST = '127.0.0.1' HTTP__X__ORIGINATING_IP = '127.0.0.1' HTTP__X__REAL_IP = '127.0.0.1' PATH_INFO = '/admin/login/' QUERY_STRING = 'next=/admin/' REMOTE_ADDR = '127.0.0.1'
The HTTP_X_FORWARDED_FOR was a clue where it was coming from, and grepping through my apache access logs shows a script kiddie at 185.177.72.38 hammering a miliion urls, 99% of them 404s.
Is there any way the code could just return a 403 or 418 instead of getting a python error?
-- Paul Tomblin