answers:

3

I was running the Django development server and found the same access message showing up again and again:

[03/Dec/2009 21:02:30] "GET http://222.186.27.9/R.asp?P=58.50.245.72:8000 HTTP/1.1" 500 717
Traceback (most recent call last):
  File "d:\www\lib\django\django\core\servers\basehttp.py", line 279, in run
    self.result = application(self.environ, self.start_response)
  File "d:\www\lib\django\django\core\servers\basehttp.py", line 651, in __call__
    return self.application(environ, start_response)
  File "d:\www\lib\django\django\core\handlers\wsgi.py", line 241, in __call__
    response = self.get_response(request)
  File "d:\www\lib\django\django\core\handlers\base.py", line 115, in get_response
    return debug.technical_404_response(request, e)
  File "d:\www\lib\django\django\views\debug.py", line 247, in technical_404_response
    tried = exception.args[0]['tried']
KeyError: 'tried'
[03/Dec/2009 22:18:31] "GET http://pay.qq.com/ HTTP/1.1" 500 717

I wonder if it's a virus. Does anyone know what accessed the URL, and how can I find it? Thanks!

+4  A: 

Looks suspicious indeed. pay.qq.com seems to be the URL for some kind of virtual goods store in China (Wikipedia).

I recommend setting up Wireshark on your server to capture traffic. It should help you identify the source of it. Hopefully, it is not one of the machines on your network that is responsible for this.

Also, your Django development server should not be exposed to the public internet. From the Django source code (basehttp.py):

#This is a simple server for use in testing or debugging Django apps. It hasn't
#been reviewed for security issues. Don't use it for production use.
Jean-Philippe Goulet
It's a development machine; for now I've simply changed it to local access only.
Dong
+1  A: 

Most likely someone is just trying to use your server as a proxy.

Evgeny
+1  A: 

Did you run the dev server with the default arguments? If so it should only be bound to localhost (127.0.0.1) which shouldn't be accessible from anywhere except your machine. If so then you have trouble on your machine.

If you have bound the dev server to an external internet facing address, then don't! It isn't a fully featured web server and is probably full of security problems.

Either way, the requests look like they are proxy requests, and 8000 is a common port to run a proxy on, so some process on your machine, or some external LAN or internet-based service, has discovered it and is trying to abuse it.

Nick Craig-Wood
Thanks Nick Craig-Wood, here is my runserver.bat:

d:
cd www\projects\homepage
manage.py runserver 0.0.0.0:8000

You are right, it's accessible from anywhere; I used to develop on another machine. I've changed it to local only to see how it goes.
Dong
It really works. The message never showed up again.
Dong
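
One way to check a runserver log for the pattern the answers describe, a request line whose target is a full URL (or a CONNECT), which is what a client sends to a proxy rather than to an origin server. This is an added example, not part of the original thread; the function names and the sample lines marked as constructed are assumptions.

```python
import re
from urllib.parse import urlsplit

# runserver access line: [timestamp] "METHOD target HTTP/x.y" status size
ACCESS_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)\s*$'
)
# Absolute-form request target (scheme://...), which clients send only to proxies.
ABSOLUTE_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')


def classify(line):
    """Return (kind, timestamp, wanted_host), or None for non-access lines."""
    m = ACCESS_RE.match(line)
    if m is None:
        return None  # traceback text and other noise
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        return ("proxy-connect", m["ts"], target.rpartition(":")[0])
    if ABSOLUTE_RE.match(target):
        return ("proxy-absolute-uri", m["ts"], urlsplit(target).hostname)
    # A URL inside the query string of a normal path is not a proxy request.
    return ("normal", m["ts"], None)


def proxy_probes(lines):
    """Keep only the access lines that try to use the server as a proxy."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h is not None and h[0] != "normal"]


SAMPLE_LOG = [
    # request lines from the question, with one traceback line between them
    '[03/Dec/2009 21:02:30] "GET http://222.186.27.9/R.asp?P=58.50.245.72:8000 HTTP/1.1" 500 717',
    "KeyError: 'tried'",
    '[03/Dec/2009 22:18:31] "GET http://pay.qq.com/ HTTP/1.1" 500 717',
    # constructed lines: two ordinary requests and a CONNECT attempt
    '[03/Dec/2009 22:20:05] "GET /admin/ HTTP/1.1" 200 1532',
    '[03/Dec/2009 22:21:40] "GET /go?next=http://example.com/ HTTP/1.1" 302 0',
    '[03/Dec/2009 22:23:12] "CONNECT example.com:443 HTTP/1.1" 500 717',
]

if __name__ == "__main__":
    for kind, ts, host in proxy_probes(SAMPLE_LOG):
        print(f"{ts}  {kind:<19} wanted host: {host}")
```

Any hit in a development log means the server is reachable from somewhere it should not be; binding runserver to 127.0.0.1, as the asker ended up doing, removes the exposure.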