
I use "Thin" as my Rails server in my development environment. I noticed something that alarmed me. I was taking a break... nobody was touching the keyboard on my machine. The terminal window Thin was running in produced the following:

Started GET "/controller/method" for 127.0.0.1 at ...
Processing by ...Controller#method as HTML
Completed 401 Unauthorized in 58ms

Started GET "/users/sign_in" for 127.0.0.1 at 2013-08-16 11:47:02 -0400
Processing by Devise::SessionsController#new as HTML
...
Completed 200 OK in 178ms (Views: 22.3ms | ActiveRecord: 3.7ms)

Somewhere, my development machine was responding to a request for a specific page that requires authorization, and showing someone the login screen. It wasn't coming from my machine. Nobody else in my office has the technical ability or the interest to hack my machine. So it must have come from my wireless router or through our internet connection... I guess.

In production I have an access log that gives an IP address for everyone who visits our site. Is there something I can do to get that kind of information here? Is there anything I can do in my Rails configuration to confirm that this really is a hacking attempt?

I'm addressing the Rails process here. If there is a StackExchange site that addresses security issues related to my router, internet connection and development machine, which one would it be?

Thanks.


2 Answers

4

It definitely seems like some automated hacking attempt. If you were running an older version of rails you could get it to execute arbitrary controller methods like that, or if you had set your routes file up improperly.

Just a reminder to set all of the controller methods you don't want to be visible to the outside world directly as private or protected. Also double check your routes file to ensure that you are avoiding less safe route definitions like match, if possible.

While this shouldn't entirely assuage your security concerns, being proactive about limiting the possible access attackers can gain will serve your project for the best. Additionally, you could set up thin to bind to 127.0.0.1 instead of 0.0.0.0, thereby preventing external requests (if possible).

Answered 2013-08-16T16:24:32.580
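The question asks how to get the requesting client's IP address, the way a production access log would show it. Rails' request logger already writes it: the address after `for` in each `Started` line is the client IP as Rails saw it, and `127.0.0.1` means the request arrived over the loopback interface of the development machine itself. The script below is an added example, not code from the question or either answer. It parses log lines in that format with Ruby's standard `ipaddr` library, labels each request's origin as loopback, private (LAN) or public, and lists the authorization failures (401/403) that came from anywhere other than loopback. The sample log lines, controller names and addresses are constructed for the example.

```ruby
# Added example: classify the client address in Rails request log lines of the form
#   Started GET "/controller/method" for 127.0.0.1 at 2013-08-16 11:47:02 -0400
# and pair each request with its "Completed NNN" status line.
require 'ipaddr'

# Constructed sample log, in the same shape as the lines in the question.
SAMPLE_LOG = <<~LOG
  Started GET "/controller/method" for 127.0.0.1 at 2013-08-16 11:46:58 -0400
  Processing by FooController#method as HTML
  Completed 401 Unauthorized in 58ms

  Started GET "/users/sign_in" for 127.0.0.1 at 2013-08-16 11:47:02 -0400
  Processing by Devise::SessionsController#new as HTML
  Completed 200 OK in 178ms (Views: 22.3ms | ActiveRecord: 3.7ms)

  Started GET "/admin" for 192.168.1.77 at 2013-08-16 11:49:10 -0400
  Processing by AdminController#index as HTML
  Completed 401 Unauthorized in 12ms

  Started POST "/users/sign_in" for 203.0.113.9 at 2013-08-16 11:50:31 -0400
  Processing by Devise::SessionsController#create as HTML
  Completed 401 Unauthorized in 40ms
LOG

STARTED_RE   = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at /
COMPLETED_RE = /\ACompleted (?<status>\d{3}) /

LOOPBACK_NETS = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1')].freeze
PRIVATE_NETS  = [IPAddr.new('10.0.0.0/8'), IPAddr.new('172.16.0.0/12'),
                 IPAddr.new('192.168.0.0/16'), IPAddr.new('169.254.0.0/16'),
                 IPAddr.new('fc00::/7')].freeze

# Label an address string as :loopback, :private, :public or :invalid.
# IPAddr#include? returns false across address families, so mixing the
# IPv4 and IPv6 networks above is safe.
def classify_ip(ip_str)
  ip = IPAddr.new(ip_str)
  return :loopback if LOOPBACK_NETS.any? { |net| net.include?(ip) }
  return :private  if PRIVATE_NETS.any?  { |net| net.include?(ip) }
  :public
rescue IPAddr::InvalidAddressError, ArgumentError
  :invalid
end

# Walk the log, pairing each "Started" line with the next "Completed" line.
# Returns an array of hashes: { verb:, path:, ip:, origin:, status: }.
def parse_rails_log(text)
  requests = []
  current = nil
  text.each_line do |raw|
    line = raw.strip
    if (m = STARTED_RE.match(line))
      current = { verb: m[:verb], path: m[:path], ip: m[:ip],
                  origin: classify_ip(m[:ip]), status: nil }
      requests << current
    elsif current && (m = COMPLETED_RE.match(line))
      current[:status] = m[:status].to_i
      current = nil
    end
  end
  requests
end

# Authorization failures that did not come over loopback: someone other than
# the developer's own browser hit a protected page.
def suspicious_requests(requests)
  requests.select { |r| [401, 403].include?(r[:status]) && r[:origin] != :loopback }
end

# Per-origin counts plus the suspicious subset.
def summarize(text)
  requests = parse_rails_log(text)
  by_origin = requests.group_by { |r| r[:origin] }.transform_values(&:count)
  { total: requests.size, by_origin: by_origin, suspicious: suspicious_requests(requests) }
end

if __FILE__ == $PROGRAM_NAME
  report = summarize(SAMPLE_LOG)
  puts "#{report[:total]} requests, by origin: #{report[:by_origin]}"
  report[:suspicious].each do |r|
    puts "SUSPICIOUS #{r[:verb]} #{r[:path]} from #{r[:ip]} (#{r[:origin]}) -> #{r[:status]}"
  end
end
```

Run it against a real `log/development.log` by reading the file into `summarize` instead of `SAMPLE_LOG`. Two caveats: the address Rails logs is the one it believes is the client (via Rack's `X-Forwarded-For` handling), so if Thin sits behind a proxy the line can show the proxy rather than the true client; and a loopback address only tells you the request came from the same machine, not which process sent it. To keep outside hosts from reaching a development server at all, start Thin with `thin start -a 127.0.0.1 -p 3000` (or `rails server -b 127.0.0.1`), which binds only the loopback interface, as the answer above suggests.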
1

Oh man... too simple. Can't believe it took me this long to figure out. Safari has a "Top Sites" feature. Whenever I open a new tab, the top sites are the page that gets displayed. Some of my top sites are pinned by dragging the URL onto the Top Sites icon. The rest are made up of whichever other pages are displayed most often. After changing code, I look at pages frequently to make sure there are no errors. Top Sites was trying to display some of those pages. Viewing those pages requires authorization. Top Sites was trying to hack my development server. :=]

Answered 2013-08-17T18:02:07.033