I am using Nginx & Phusion Passenger for running Rails app. I got these errors in the access log:
I, [2015-07-11T02:21:16.369230 #12228] INFO -- : Started GET "/cgi-bin/chs/numreg/init" for 61.160.213.56 at 2015-07-11 02:21:16 -0400
F, [2015-07-11T02:21:16.382745 #12228] FATAL -- : ActionController::RoutingError (No route matches [GET] "/cgi-bin/chs/numreg/init"):
I tried to search the IP 61.160.213.56 over the google, I found this page: http://www.ipillion.com/ip/61.160.213.108
It said that: 61.160.213.108 is known for firewall alert, port scanning.
Could any one tell me what does it mean? Do I need to block this IP from my site?
It's port scanning, and sending lots of dummy URL which could be allowing attacker to login to Admin page.
I've seen the same ip using the same URL. Here are a few more similar IPS doing the same thing:
61.160.213.55
61.160.213.56
61.160.213.247
61.160.213.32
Related
I'm trying to analyze log from my rails applications I sometimes see hits from random IP addresses that look like this:
-------------------------------
Request:
-------------------------------
* URL : https://${ip}/
* HTTP Method: GET
* IP address : 162.62.191.231
* Parameters : {"controller"=>"runner", "action"=>"index"}
* Timestamp : 2022-08-17 18:28:07 +0300
* Server : b82b789929df
* Rails root : /root/my_app
* Process: 270
Those are not some replacement to hide IP from you, it seems like literally request with https://${ip}/ value
But not sure from where it's coming, probably some guys are testing my site for some vulnerability, but I cannot detect which.
https://${ip}/ is a really bad string to google it
And especially I cannot understand how to simulate the same request with curl or wget to see if it really safe
Fact is that it couldn't get to your server unless it was a correct hostname/ip-address, so that URL is not what's being requested. My guess here is that this is some local monitoring or health-check, is this on AWS?
I have created test bitcoins but how to deposit it in Peatio.
currencies.yml
- id: 2
key: satoshi
code: btc
symbol: "฿"
coin: true
quick_withdraw_max: 1000
rpc: http://test_user_123:ddd545a1142f7fd3e167cd60e60d0a67#127.0.0.1:18332
blockchain: https://testnet.smartbit.com.au/tx/e9d09a0401080e299c3871ba8e3bf537ab20734567cb86ea7a63d9a025b1a8f3
address_url: https://testnet.smartbit.com.au/address/msCgLuJQNiRnXEg9AJzgpzC1qxehFNWkfH
assets:
balance: 3333
accounts:
-
address: msCgLuJQNiRnXEg9AJzgpzC1qxehFNWkfH
bitcoin.conf
server=1
daemon=1
# If run on the test network instead of the real bitcoin network
testnet=1
# You must set rpcuser and rpcpassword to secure the JSON-RPC api
# Please make rpcpassword to something secure, `5gKAgrJv8CQr2CGUhjVbBFLSj29HnE6YGXvfykHJzS3k` for example.
# Listen for JSON-RPC connections on <port> (default: 8332 or testnet: 18332)
rpcuser=test_user_123
rpcpassword=ddd545a1142f7fd3e167cd60e60d0a67
rpcport=18332
# Notify when receiving coins
walletnotify=curl http://192.168.1.41:3000/payment_transaction/btc/%s
I am not able to see the balance in my bitcoin funds. What could be the reason for this?
Server trace:
Started GET "/payment_transaction/btc/dc06e9864d3114ea814118f6c9b578d52f67874477ff0b546e79b360775e1117" for 192.168.1.41 at 2017-10-25 18:57:00 +0530
ActionController::RoutingError (No route matches [GET] "/payment_transaction/btc/dc06e9864d3114ea814118f6c9b578d52f67874477ff0b546e79b360775e1117"):
lib/middleware/security.rb:11:in `call'
lib/middleware/i18n_js.rb:9:in `call'
I am not sure why, but it seems that the bitcoind was not configured properly.
So, first I did this manually. Find the transaction IDs you did and call it manually.
Either you can try using the same way you are doing, just make the curl as POST request. (For me, it's webhooks/tx) (https://github.com/peatio/peatio/issues/79#issuecomment-44631111)
Another option is, you can call /usr/local/sbin/rabbitmqadmin publish routing_key=peatio.deposit.coin payload='{"txid":"YOUR_TRANS_ID_HERE", "channel_key":"satoshi"}'
And it shows the balance now in peatio!
You are running peatio in testnet mode, If btc is deposited in the testnet address it won't reflect until and unless your blockchain server not sych with your peatio server.
Or check your blockchain server status is upto date
bitcoin-cli getblockcount
I've all of a sudden started getting this error when creating users in my app. Emails were working before I left for vacation, now I come back and this is what my tech support gives me! Ugh.
So, I make a user, and I get redirected to my admin panel with the following error in a flash notice: getaddrinfo: name or service not known. The user isn't created.
Looking at the logs, it looks like everything worked fine:
I, [2016-04-12T08:01:52.089647 #11555] INFO -- : Started POST "/admin/user/new" for 72.238.202.193 at 2016-04-12 08:01:52 -0500
I, [2016-04-12T08:01:52.092114 #11555] INFO -- : Processing by RailsAdmin::MainController#new as HTML
I, [2016-04-12T08:01:52.092259 #11555] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"vxhuTwXhQo6nYrskQcYH9W56Ej95LgzEbs8cnkjXQI4=", "user"=>{"company_id"=>"35", "username"=>"myuser#thedomain.com", "first_name"=>"Test", "last_name"=>"User", "full_name"=>"Test User", "time_zone"=>"Central Time (US & Canada)", "email"=>"myuser#thedomain.com", "phone_number"=>"", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "reset_password_sent_at"=>"[FILTERED]", "remember_created_at"=>"", "sign_in_count"=>"0", "current_sign_in_at"=>"", "last_sign_in_at"=>"", "current_sign_in_ip"=>"", "last_sign_in_ip"=>"", "authentication_token"=>"", "enable_notifications"=>"1", "confirmation_token"=>"MBrmpsD6Wtf1VBrhtDyc", "confirmed_at"=>"", "confirmation_sent_at"=>"April 12, 2016 10:00", "unconfirmed_email"=>"myuser#thedomain.com", "terms_accepted"=>"1", "cancel_subscription"=>"0", "on_trial"=>"0", "is_account_owner"=>"1", "role_ids"=>["", "", "2"]}, "return_to"=>"https://www.myserver.com/admin/user?sort=created_at&sort_reverse=false", "_save"=>"", "model_name"=>"user"}
I, [2016-04-12T08:01:52.212064 #11555] INFO -- : Rendered devise/mailer/confirmation_instructions.html.erb (1.6ms)
I, [2016-04-12T08:01:52.340343 #11555] INFO -- :
Sent mail to myuser#thedomain.com (9.3ms)
I've filtered the email address but, rest assured, it's a valid email.
I'm using EC2 to host my application, so I can't edit /etc/resolv.conf since any changes will be overridden.
I've run nslookup to make sure the server can find the domain MX records, which it does using the nameserver specified in /etc/resolv.conf.
What else can I do to troubleshoot this issue?
I used a recommendation I ran across on another blog to use Ruby's version of Resolv instead of the libc library with Ubuntu. So, I added the following line to an initializer: require resolv-replace.rb.
Now my error is a little more descriptive: Hostname not known: smtp.sendgrid.net, so I checked config/environments/production.rb and it turns out I had a trailing space at the end of my host line. Removed it and all is working now!
I am trying to test which server serves a request however the setup has a load balancer between the server and client. How would i go about getting the IP address of the server rather than the load balancer. So far on the local machine i have tried although i know the middle two are for the client ip
ip1 = #env['REMOTE_ADDR'] -- returns 127.0.0.1:3000
ip2 = request.ip -- returns 10.0.2.2
ip3 = request.host_with_port -- returns 10.0.2.2
ip4 = Socket.gethostname -- returns precise32 (vm name)
Don't want to test this live until i am sure. Apologies if there's any detail lacking. If any more information is required just say the word.
Unless the server sets an HTTP header with the information you can't. That's the whole point of the load balancer, right?
I downloaded the rails 3.0.x socky demo app from : https://github.com/socky/socky-example. I remade the application in Rails 2.3.x. Now i have the following problem and i can't find any answers about it: When i run my application and i run the socky server and when i try to post a message this is the output i'm getting from the socky server:
D, [2011-01-07T13:01:31.250592 #23820] DEBUG -- : Connection(2159099260) terminated
D, [2011-01-07T13:01:36.425515 #23820] DEBUG -- : Connection(2159088740) incoming
D, [2011-01-07T13:01:36.426217 #23820] DEBUG -- : Connection(2159088740) sending data {"type":"message","body":"You are not authorized to post messages"}
D, [2011-01-07T13:01:36.426442 #23820] DEBUG -- : Connection(2159088740) terminated
How can i authorize myself / other users to post messages?
Thanks...
First of all - Socky have it's own google group where it will be best to ask such a questions. Please see http://groups.google.com/group/socky-users.
And about your question: when you see "unauthorized" message then you probably didn't set "secret" variable in config, or this variable don't match the same variable in server and rails client(config.yml for socky-server and socky_hosts.yml for rails app)