Possible SECURITY ATTACK detected.
Pythonpa opened this issue · 1 comments
I have already handled it myself and closed it.
Deployed by Docker,but ,Emm.......looks like it has some weired error,below is the Error tips:
2024-07-05 10:13:56 rssbrew-1 | Successfully created a new superuser: admin, Password: changeme, please change it immediately after login.
2024-07-05 10:13:57 rssbrew-1 | [2024-07-05 02:13:57 +0000] [1] [INFO] Starting gunicorn 22.0.0
2024-07-05 10:13:57 rssbrew-1 | [2024-07-05 02:13:57 +0000] [1] [INFO] Listening at: http://0.0.0.0:8000 (1)
2024-07-05 10:13:57 rssbrew-1 | [2024-07-05 02:13:57 +0000] [1] [INFO] Using worker: sync
2024-07-05 10:13:57 rssbrew-1 | [2024-07-05 02:13:57 +0000] [10] [INFO] Booting worker with pid: 10
2024-07-05 10:13:57 rssbrew-1 | Scheduled task with CRON settings: {'minute': '/5', 'hour': '', 'day': '', 'month': '', 'day_of_week': ''}
2024-07-05 10:13:57 rssbrew-1 | Scheduled task with CRON settings: {'minute': '0', 'hour': '0', 'day': '', 'month': '', 'day_of_week': ''}
2024-07-05 10:14:53 rssbrew-1 | [2024-07-05 02:14:53 +0000] [1] [CRITICAL] WORKER TIMEOUT (pid:10)
2024-07-05 10:14:53 rssbrew-1 | [2024-07-05 03:14:53 +0100] [10] [ERROR] Error handling request (no URI read)
2024-07-05 10:14:53 rssbrew-1 | Traceback (most recent call last):
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/workers/sync.py", line 134, in handle
2024-07-05 10:14:53 rssbrew-1 | req = next(parser)
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/parser.py", line 42, in next
2024-07-05 10:14:53 rssbrew-1 | self.mesg = self.mesg_class(self.cfg, self.unreader, self.source_addr, self.req_count)
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/message.py", line 257, in init
2024-07-05 10:14:53 rssbrew-1 | super().init(cfg, unreader, peer_addr)
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/message.py", line 60, in init
2024-07-05 10:14:53 rssbrew-1 | unused = self.parse(self.unreader)
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/message.py", line 269, in parse
2024-07-05 10:14:53 rssbrew-1 | self.get_data(unreader, buf, stop=True)
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/message.py", line 260, in get_data
2024-07-05 10:14:53 rssbrew-1 | data = unreader.read()
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/unreader.py", line 37, in read
2024-07-05 10:14:53 rssbrew-1 | d = self.chunk()
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/http/unreader.py", line 64, in chunk
2024-07-05 10:14:53 rssbrew-1 | return self.sock.recv(self.mxchunk)
2024-07-05 10:14:53 rssbrew-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-07-05 10:14:53 rssbrew-1 | File "/usr/local/lib/python3.11/site-packages/gunicorn/workers/base.py", line 203, in handle_abort
2024-07-05 10:14:53 rssbrew-1 | sys.exit(1)
2024-07-05 10:14:53 rssbrew-1 | SystemExit: 1
2024-07-05 10:14:53 rssbrew-1 | [2024-07-05 03:14:53 +0100] [10] [INFO] Worker exiting (pid: 10)
2024-07-05 10:14:53 rssbrew-1 | [2024-07-05 02:14:53 +0000] [13] [INFO] Booting worker with pid: 13
2024-07-05 10:14:54 rssbrew-1 | Scheduled task with CRON settings: {'minute': '/5', 'hour': '', 'day': '', 'month': '', 'day_of_week': ''}
2024-07-05 10:14:54 rssbrew-1 | Scheduled task with CRON settings: {'minute': '0', 'hour': '0', 'day': '', 'month': '', 'day_of_week': ''}
2024-07-05 10:14:54 rssbrew-1 | Not Found: /favicon.ico
2024-07-05 10:16:28 redis-1 | 1:M 05 Jul 2024 02:16:28.320 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection from 172.18.0.1:36170 aborted.
I have already handled it myself and closed it.