Hi all,

I wonder if anyone has seen this. I am developing a web app and the dev server just output the following when I was doing some testing.

logging on
[21/Oct/2010 13:42:56] "POST /members/logon/ HTTP/1.1" 302 0
[21/Oct/2010 13:42:57] "GET / HTTP/1.1" 200 20572
[21/Oct/2010 13:42:59] "GET http://ppcfinder.net/judge.php HTTP/1.1" 404 1744
----------------------------------------
Exception happened during processing of request from ('221.195.73.68', 2884)
Traceback (most recent call last):
  File "C:\Python26\lib\SocketServer.py", line 281, in _handle_request_noblock
    self.process_request(request, client_address)
  File "C:\Python26\lib\SocketServer.py", line 307, in process_request
    self.finish_request(request, client_address)
  File "C:\Python26\lib\SocketServer.py", line 320, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py", line 562
, in __init__
    BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
  File "C:\Python26\lib\SocketServer.py", line 615, in __init__
    self.handle()
  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py", line 602
, in handle
    self.raw_requestline = self.rfile.readline()
  File "C:\Python26\lib\socket.py", line 406, in readline
    data = self._sock.recv(self._rbufsize)
error: [Errno 10054] An existing connection was forcibly closed by the remote ho
st
----------------------------------------
logging on
[21/Oct/2010 13:43:44] "POST /members/signup/ HTTP/1.1" 302 0
----------------------------------------
Exception happened during processing of request from ('221.195.73.68', 3227)
Traceback (most recent call last):
  File "C:\Python26\lib\SocketServer.py", line 281, in _handle_request_noblock
    self.process_request(request, client_address)
  File "C:\Python26\lib\SocketServer.py", line 307, in process_request
    self.finish_request(request, client_address)
  File "C:\Python26\lib\SocketServer.py", line 320, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py", line 562
, in __init__
    BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
  File "C:\Python26\lib\SocketServer.py", line 615, in __init__
    self.handle()
  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py", line 602
, in handle
    self.raw_requestline = self.rfile.readline()
  File "C:\Python26\lib\socket.py", line 406, in readline
    data = self._sock.recv(self._rbufsize)
error: [Errno 10054] An existing connection was forcibly closed by the remote ho
st
----------------------------------------
checking for entry_details, oh yeh
member invitation

Everything until the /ppcfinder.net/judge.php line is expected. I have no idea what this judge.php is doing or where it came from. My output starts again at

checking for entry_details, oh yeh
member invitation

I searched through all Python / Django source in case I got something nasty in there but nothing. I searched through all my own source and it's not in there either.

What on earth is it and where did it come from? I saw it last week as well but couldn't find it. Last week judge.php was being accessed via an IP address rather than the ppcfinder.net URL. I checked out ppcfinder.net after turning off JavaScript and it appears to be a rubbish search site. It's a bit scary in case something has got embedded somewhere in Python source and might be stealing stuff but I can't find it.

Has anyone seen this?

Rich

+2  A: 

Seems like a bot in another host hit yours searching for known vulnerabilities to exploit.

Paulo Scardine
It's all obvious now, ppcfinder.net, the name says it all. They should be shut down! Oops, I am pretty upset by this. I have never been so stupid! It's OK when I am at home because I am behind my wireless router but I am working away from home and have my wireless network card online so I had no firewall, had the Django dev server listening on a public IP address and I just tested it from my iPhone and lo and behold, my dev site was online to the world!
Rich
Oh well, I hope they didn't care what they found and I hope this post might help someone realise there is danger in running a dev server on 0.0.0.0 unless you are real careful! 0.0.0.0 is now gone and my firewall is on! I switched it off so I could test from my iPad at home where I knew it was safe but forgot to switch it back on before using the wireless card! Unbelievably stupid.
Rich
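
Added example, not part of the original thread: a small Python check that scans dev-server output like the log in the question for request lines whose target names another host (the form a client sends to a forward proxy) and collects the remote peers shown in exception banners. `OWN_HOSTS`, the function names and the final `CONNECT` sample line are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Dev-server access line: [timestamp] "METHOD target HTTP/x.y" status size
ACCESS_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) \d+$')
# In this log the peer address only shows up in SocketServer's exception banner
PEER_RE = re.compile(
    r"^Exception happened during processing of request from \('([^']+)', \d+\)$")

OWN_HOSTS = {"localhost", "127.0.0.1"}  # assumption: hosts this dev site serves


def foreign_host(target, own_hosts=OWN_HOSTS):
    """Return the host in an absolute- or authority-form target, unless it is ours."""
    if target.startswith("/") or target == "*":
        return None  # origin-form ("/path") or asterisk-form: a normal request
    parts = urlsplit(target if "://" in target else "//" + target)
    host = (parts.hostname or "").lower()
    return host if host and host not in own_hosts else None


def scan(lines, own_hosts=OWN_HOSTS):
    """Return (proxy-style requests, remote peers seen in exception banners)."""
    hits, peers = [], set()
    for line in map(str.strip, lines):
        access = ACCESS_RE.match(line)
        if access:
            host = foreign_host(access["target"], own_hosts)
            if host:
                hits.append((access["ts"], access["method"], host, access["status"]))
            continue
        peer = PEER_RE.match(line)
        if peer:
            peers.add(peer.group(1))
    return hits, sorted(peers)


SAMPLE = [  # first four lines are from the log above; the last one is constructed
    '[21/Oct/2010 13:42:56] "POST /members/logon/ HTTP/1.1" 302 0',
    '[21/Oct/2010 13:42:57] "GET / HTTP/1.1" 200 20572',
    '[21/Oct/2010 13:42:59] "GET http://ppcfinder.net/judge.php HTTP/1.1" 404 1744',
    "Exception happened during processing of request from ('221.195.73.68', 2884)",
    '[21/Oct/2010 13:43:01] "CONNECT example.com:443 HTTP/1.1" 404 1744',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any hit means the dev server is reachable by hosts that are not yours; `runserver` binds to 127.0.0.1 by default, so such lines only appear once it has been started on a public address or 0.0.0.0.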