The IIS log is full of entries like this:
2013-02-04 20:51:07 31.223.20.153 11435 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:07 78.178.55.210 53836 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:07 86.149.201.150 57616 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:17 86.149.201.150 57600 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:17 72.188.100.193 2480 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:17 65.12.233.165 50176 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:57 135.245.10.6 30739 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:57 135.245.10.6 30906 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:57 135.245.10.6 30905 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
2013-02-04 20:51:57 135.245.10.6 30951 192.168.1.69 80 - - - - - Timer_ConnectionIdle -
What do these mean?
copied from this blog
Timer_ConnectionIdle, happens in normal HTTP protocol usage, where the
client decides not to disconnect from the server because there is a
good chance that it will have another request for the server either in
the process of loading a page or because a client will probably click
a link on a web page that will go back to the same server. By default
the server will close the connection and reclaim those resources after
2 minutes of inactivity. This is nothing to worry about, it's just an
informational type of entry
Based on feedback these log entries are not observed in a Win2k8, IIS7 setup.
Traefik redirection fails, http->https. I use this command to update/add the redirect feature: helm upgrade traefik traefik/traefik -n traefik -f traefik-config-ha.yaml, and this is my traefik-config:
additionalArguments:
  - "--metrics.prometheus.entryPoint=metrics"
  - "--metrics.prometheus=true"
  - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
  - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
  - "--entrypoints.websecure.address=:80"
  - "--entrypoints.websecure.address=:443"
  - "--entryPoints.metrics.address=:8082"
  - "--entrypoints.websecure.http.tls"
  - "--api.insecure=true"
  - "--api.dashboard=true"
  - "--accesslog=true"
  - "--log.level=DEBUG"
deployment:
  replicas: 3
  podAnnotations:
    prometheus.io/port: '8082'
    prometheus.io/scrape: 'true'
And I am getting the following error:
traefik Nov 30, 2020, 10:15:50 AM 2020/11/30 09:15:50 traefik.go:76: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
How would I solve this?
I fixed it, but if there is anyone that can explain why it does work, I would be grateful to hear it.
additionalArguments:
  - "--entrypoints.web.address=:8000"
  - "--entrypoints.websecure.address=:8443"
  - "--metrics.prometheus.entryPoint=metrics"
  - "--metrics.prometheus=true"
  - "--entryPoints.metrics.address=:8082"
  - "--entrypoints.web.http.redirections.entryPoint.to=:443"
  - "--api.insecure=true"
  - "--api.dashboard=true"
  - "--accesslog=true"
  - "--log.level=DEBUG"
deployment:
  replicas: 3
  podAnnotations:
    prometheus.io/port: '8082'
    prometheus.io/scrape: 'true'
Now it redirects from http -> https. It worked right away when I put in this argument: "--entrypoints.web.http.redirections.entryPoint.to=:443"
Over the last days, Google Bot tries to read one URL of our main site over and over again, leading to a DDOS attack :) Our website got very slow because of the massive requests of the Google Crawler.
Here is an excerpt for the curious ones (or if a Google engineer reads this post):
66.249.76.54 - - [27/May/2019:06:31:23 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/594749/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/user/impressum HTTP/1.0" 200 32603
66.249.76.54 - - [27/May/2019:06:31:23 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/403551/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/bestusers HTTP/1.0" 200 32603
66.249.76.55 - - [27/May/2019:06:31:23 +0200] "GET /235432/tag/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/403551/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/403551/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/schreibregeln HTTP/1.0" 200 32603
66.249.76.54 - - [27/May/2019:06:31:23 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/594749/tag/chat HTTP/1.0" 200 32603
Or here (see the different IPs, so there are several bots):
66.249.76.54 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/386961/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/user/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/punkte HTTP/1.0" 200 32587
66.249.76.55 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/user/403551/agb HTTP/1.0" 200 32587
66.249.76.56 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/user/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/403551/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/qa-theme/lounge/js/lounge.min.js?v=2019-01-17 HTTP/1.0" 200 32587
66.249.76.55 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/594749/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/luckentext-zum-thema-extrema-funktionenschar-ft-x-1-2-tx-2-2-t HTTP/1.0" 200 32587
66.249.76.58 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/323274/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/323274/user/Lu HTTP/1.0" 200 32587
66.249.76.57 - - [27/May/2019:09:24:42 +0200] "GET /235432/~plot~+4x%5E2%3B+4%2Ax%5E2+++4%2A%281/32%29%2Ax+-+15%2A%281/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/154807/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/323274/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/235432/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/32)*x%20-%2015*(1/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/user/user/tag/tag/~plot~%204x%5E2;%204*x%5E2%20+%204*(1/badges HTTP/1.0" 200 32587
The false link that was leading to this problem:
~plot~ 4x^2; 4*x^2 + 4*(1/32)*x - 15*(1/32)^2; x; [[0.1]]~plot~
Where can I report a bug of GoogleBot?
There seems to be no official way to report a bug.
Here is the link to report a crawling bug of Google Bot:
https://www.google.com/webmasters/tools/googlebot-report
Report a problem with how Googlebot crawls your site.
You can report problems only for domain-level properties (for example, "www.example.com/")
The rate at which Google crawls your page depends on many factors:
The URLs we already know about
Links from other web pages (within your site and on other sites)
URLs listed in your Sitemap.
For most sites, Googlebot shouldn't access your site more than once every few seconds on average.
Probably the report link was not easy to find since you need a Google Webmaster account and can apparently only report your own websites.
Forgive me if this is a duplicate question, but I'm running a Flask app using Celery and RabbitMQ in a Kubernetes service. The service is run as a public-facing LoadBalancer. The problem I've seen is with ZMEU scan attacks which mess up the Flask URI structure and render the app unusable:
10.240.0.4 - - [19/Apr/2018 04:48:05] "GET / HTTP/1.1" 400 -
10.240.0.4 - - [19/Apr/2018 04:48:10] "GET /index.action HTTP/1.1" 400 -
10.244.2.1 - - [19/Apr/2018 07:32:29] "GET / HTTP/1.1" 400 -
10.244.2.1 - - [19/Apr/2018 08:54:38] "GET / HTTP/1.1" 400 -
10.244.2.1 - - [19/Apr/2018 11:13:06] "GET /w00tw00t.at.blackhats.romanian.anti-sec :) HTTP/1.1" 400 -
10.240.0.4 - - [19/Apr/2018 11:13:11] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 400 -
10.240.0.4 - - [19/Apr/2018 11:13:16] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 400 -
10.244.2.1 - - [19/Apr/2018 11:13:21] "GET /pma/scripts/setup.php
...
This occurs after successful pings to the URI. I have a healthcheck occurring because this silently renders the app unreachable, though the container itself is healthy and doesn't exit.
While I am working on securing the endpoint itself, I feel that it's more of a band-aid, and the app code should be resilient to this type of attack. Is there a way for me to catch any unspecified URI (not defined by an @app.route() decorator)?
EDIT: I've made an attempt to only accept requests that have a uri header in the request by using redirects in a general uri-path http://my.flask.app:80/ to point to the proper service, but this hasn't remedied the problem
I have finally [painstakingly] set up a locally hosted site using IIS7.
I am now currently able to connect to it via http://localhost/mediaorganizer/ or http://127.0.0.1/mediaorganizer/ on the host machine.
However when I try to use the IP address of the host machine on itself or another machine on the network, I get the following error:
refused to connect error
I have searched up and down with no luck. I have set up the firewall rules for in-bound, they are set for TCP on port 80, using World Wide Web Services (HTTP Traffic-In). I have set up bindings in IIS as http, All Unassigned, 80. I also made sure to start the site while running IIS Manager as administrator. But all with no luck.
I feel I may be missing a final process to achieve my desired effect. I've spent a solid day on this project and would appreciate any help.
Recent Logs
Software: Microsoft HTTP API 2.0
Version: 1.0
Date: 2016-08-28 02:33:55
Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-08-28 02:33:55 127.0.0.1 50211 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 02:36:29 127.0.0.1 50356 127.0.0.1 64900 HTTP/1.1 GET / - 400 - Hostname -
2016-08-28 02:37:30 127.0.0.1 50331 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 03:02:37 127.0.0.1 50593 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 03:06:33 127.0.0.1 50607 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 03:10:03 127.0.0.1 50678 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:16:54 127.0.0.1 50821 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:19:14 127.0.0.1 50864 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:32:17 127.0.0.1 50948 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:34:32 127.0.0.1 50999 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:42:10 127.0.0.1 51036 127.0.0.1 80 HTTP/1.1 GET /mediaorganizer/about.aspx - 404 - NotFound -
2016-08-28 05:44:30 127.0.0.1 51041 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 05:46:35 127.0.0.1 51059 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
Software: Microsoft HTTP API 2.0
Version: 1.0
Date: 2016-08-28 06:00:59
Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-08-28 06:00:59 127.0.0.1 50005 127.0.0.1 80 HTTP/1.1 GET /MediaOrganizer/ - 404 - NotFound -
2016-08-28 06:09:42 127.0.0.1 50188 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 06:09:47 127.0.0.1 50183 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 06:12:58 127.0.0.1 50205 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 06:12:58 127.0.0.1 50208 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 06:16:14 127.0.0.1 50277 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 06:16:14 127.0.0.1 50279 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 17:59:24 127.0.0.1 51430 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 17:59:24 127.0.0.1 51428 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
I was able to correct the issue. Turns out I had configured IIS to listen to IP address 127.0.0.1 through command prompt. I had to undo this by opening command prompt and entering the following commands.
netsh
http
show iplisten <- just to confirm it was there, and it was.
delete iplisten ipaddress=127.0.0.1
Now I am able to use the PC name and its actual IP address to access my local IIS site.
I do see a 404 - NotFound twice:
2016-08-28 05:42:10 127.0.0.1 51036 127.0.0.1 80 HTTP/1.1 GET
/mediaorganizer/about.aspx - 404 - NotFound -
2016-08-28 06:00:59 127.0.0.1 50005 127.0.0.1 80 HTTP/1.1 GET
/MediaOrganizer/ - 404 - NotFound -
This happens when you have a binding mapped to a specific hostname in IIS. Something like below. So check this and remove the host name if you have any.
If it's empty, probably delete the binding and recreate it without any host name.
Another place to check is the hosts file (C:\Windows\System32\drivers\etc\hosts). Comment out anything like the lines below by adding a # before them:
127.0.0.1 localhost //These should be commented out
::1 localhost //These should be commented out
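For reading an HTTPERR log like the one in the question, this added example (not part of the original posts) parses entries by the column names in the Fields line and separates the informational Timer_ConnectionIdle rows from the rows that point at a real problem. The sample rows are copied from the question's log; the function names and the BENIGN_REASONS set are assumptions of the example.

```python
from collections import Counter

# Assumption: only Timer_ConnectionIdle is treated as routine noise, because
# it is the only reason this page describes as informational.
BENIGN_REASONS = {"Timer_ConnectionIdle"}

# Rows copied from the log in the question (header lines as shown there).
SAMPLE = """\
Software: Microsoft HTTP API 2.0
Version: 1.0
Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-08-28 02:33:55 127.0.0.1 50211 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
2016-08-28 02:36:29 127.0.0.1 50356 127.0.0.1 64900 HTTP/1.1 GET / - 400 - Hostname -
2016-08-28 05:42:10 127.0.0.1 51036 127.0.0.1 80 HTTP/1.1 GET /mediaorganizer/about.aspx - 404 - NotFound -
2016-08-28 05:44:30 127.0.0.1 51041 127.0.0.1 80 - - - - - - Timer_ConnectionIdle -
"""


def parse_httperr(text):
    """Yield one dict per entry, keyed by the names in the latest Fields line."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = line.lstrip("#")  # header lines may or may not carry a leading '#'
        if head.startswith("Fields:"):
            fields = head[len("Fields:"):].split()
            continue
        if head.startswith(("Software:", "Version:", "Date:")):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header seen yet, or a truncated row
        yield dict(zip(fields, values))


def triage(text):
    """Return (count per s-reason, entries whose reason is not benign)."""
    counts = Counter()
    notable = []
    for entry in parse_httperr(text):
        reason = entry["s-reason"]
        counts[reason] += 1
        if reason not in BENIGN_REASONS:
            notable.append(entry)
    return counts, notable


if __name__ == "__main__":
    counts, notable = triage(SAMPLE)
    print(dict(counts))
    for e in notable:
        print(e["date"], e["time"], e["s-port"], e["cs-uri"], e["sc-status"], e["s-reason"])
```

Because the column names come from the Fields line, the same parser follows a log whose header lists a different set of columns.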
I have a Magento 1.9.2 system that is currently undergoing a brute force attack against its xml-rpc endpoint from an EC2 host.
I can simply firewall the source address but that is a short term solution, since it will likely face another attack from a different address. I would like to be able to detect these attacks automatically to lock them down.
Fail2ban is commonly used under such circumstances but in order for it to work, I understand that it must be able to find login failure messages in a log file somewhere, however Magento does not seem to be logging the failed attempts.
How can I prevent the xml-rpc endpoint being brute forced?
54.246.87.74 - - [20/Jul/2015:13:10:24 +0000] "POST /index.php/api/xmlrpc/ HTTP/1.1" 200 777 "-" "XML-RPC.NET"
54.246.87.74 - - [20/Jul/2015:13:10:24 +0000] "POST /index.php/api/xmlrpc/ HTTP/1.1" 200 777 "-" "XML-RPC.NET"
54.246.87.74 - - [20/Jul/2015:13:10:25 +0000] "POST /index.php/api/xmlrpc/ HTTP/1.1" 200 777 "-" "XML-RPC.NET"
54.246.87.74 - - [20/Jul/2015:13:10:26 +0000] "POST /index.php/api/xmlrpc/ HTTP/1.1" 200 777 "-" "XML-RPC.NET"
54.246.87.74 - - [20/Jul/2015:13:10:27 +0000] "POST /index.php/api/xmlrpc/ HTTP/1.1" 200 777 "-" "XML-RPC.NET"
Action taken so far
I've configured fail2ban with a new filter and jail to lock it down but I still don't know if this is the best solution.
filter.d/magento-xmlrpc.conf
[Definition]
failregex = ^<HOST> .*POST .*api\/xmlrpc\/
ignoreregex =
jail.local
[magento-xmlrpc]
enabled = true
port = http,https
filter = magento-xmlrpc
logpath = /home/user/logs/access.log
maxretry = 20
findtime = 30
bantime = 600
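To see what the filter and jail above would do before deploying them, this added example (not part of the original post, and not fail2ban's own code) replays access-log lines through the same failregex and thresholds. It assumes `<HOST>` can be approximated by a plain IPv4 pattern and models only the first ban per host; the log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Values copied from the filter and jail in the post.
FAILREGEX = r"^<HOST> .*POST .*api\/xmlrpc\/"
MAXRETRY, FINDTIME, BANTIME = 20, 30, 600

# Assumption: <HOST> is approximated by a plain IPv4 pattern.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
LINE_RE = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))
STAMP_RE = re.compile(r"\[([^\]]+)\]")
STAMP_FMT = "%d/%b/%Y:%H:%M:%S %z"


def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {host: (ban_start, ban_end)} for the first ban of each host."""
    recent = defaultdict(deque)  # host -> times of matches inside findtime
    bans = {}
    for line in lines:
        match, stamp = LINE_RE.search(line), STAMP_RE.search(line)
        if not match or not stamp:
            continue  # not a POST to the endpoint, or no timestamp
        host = match.group("host")
        if host in bans:
            continue  # already banned; only the first ban is modelled
        when = datetime.strptime(stamp.group(1), STAMP_FMT)
        hits = recent[host]
        hits.append(when)
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            bans[host] = (when, when + timedelta(seconds=bantime))
    return bans


def sample_log():
    """Constructed access-log lines in the format shown in the post."""
    base = datetime(2015, 7, 20, 13, 10, 24, tzinfo=timezone.utc)

    def row(ip, offset, request, agent):
        ts = (base + timedelta(seconds=offset)).strftime(STAMP_FMT)
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" 200 777 "-" "{agent}"'

    endpoint = "/index.php/api/xmlrpc/"
    # One request per second, like the burst in the post.
    lines = [row("203.0.113.7", i, "POST " + endpoint, "XML-RPC.NET") for i in range(25)]
    # A legitimate integration: three calls, ten seconds apart.
    lines += [row("198.51.100.20", i * 10, "POST " + endpoint, "erp-sync") for i in range(3)]
    # GET requests never match the failregex.
    lines += [row("192.0.2.9", i, "GET " + endpoint, "curl") for i in range(30)]
    return lines


if __name__ == "__main__":
    for host, (start, end) in simulate(sample_log()).items():
        print(host, "banned", start.isoformat(), "until", end.isoformat())
```

The failregex counts every POST to the endpoint whatever its outcome (the log in the post shows 200 for each request), so a legitimate API client that exceeds maxretry within findtime is banned as well; lowering maxretry in the call shows where that starts to happen.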