Need help understanding this error


fastsol

In the last couple months a few of my websites (that are all hosted on my dedicated server) have been throwing errors to Bugsnag a couple times a week. I don't know what they mean really and Google searching doesn't bring up this exact scenario to figure it out.

This is the error that Laravel throws: Facade\Ignition\Exceptions\ViewException · Invalid Host "${ip}:${port}".

In Bugsnag this is the curl replay that it shows.

curl --request GET \
  --header 'accept: */*' \
  --header 'host: ${ip}:${port}' \
  --header 'user-agent: curl/7.64.1' \
  'https://:0'

This is the Slim error: InvalidArgumentException Uri port must be null or an integer between 1 and 65535 (inclusive)

In Bugsnag this is the curl replay that it shows.

curl --request GET \
  --header 'Accept: */*' \
  --header 'User-Agent: curl/7.64.1' \
  'https://${ip}:${port}/'

Some of my sites run on Laravel and some on Slim.  Both applications throw the error once it hits a certain point in loading the page, typically at a middleware level.  I'd like to know if this is indicative of a hack or maybe just a crawler bot.  It doesn't happen constantly like a brute force attack, just once or twice in a few seconds and then not again for a few days.  I have one middleware returning true on an if() indicating that this may just be a bot crawler. 

Is there anything I can do or "should" do to prevent the error or prevent the attack if it is an attack?

Is "${ip}:${port}" literally what is there? Because that's obviously not a valid host. Or valid Host header. Or valid URL to give to curl. And I imagine it would only happen because of a rather glaring error in some code somewhere.

Well yeah, it looks like someone is using curl to generate a request that is hitting your server, and the HTTP "Host" header, that is supposed to be a Host:port combination, is passing a string with those variable contents.

Probably it's some sort of exploit attempt.   Laravel seems to be catching this and throwing the exception, which is what you want to have happen here, so -- yeah laravel!

The IP is coming from Indonesia, and has a lot of abuse reports filed against it here:  https://www.abuseipdb.com/

If you see this is consistently coming from there, you might want to IP ban them, although in my experience, like roaches, once you ban one, other client IPs will appear, as these are bots. I still IP ban on a frequent basis, even though I know it's only a minor deterrent.

Yeah I thought about banning the few IPs that they have come from. I know one of them was from Russia. My main concern is that as long as the exception is throwing that I should be relatively ok if it keeps happening, it's just an annoyance at this point.

As long as the exception is being handled somewhere and the user is getting a generic error page, you're probably okay. But you should still take steps to prevent whatever bad data reached Symfony's code from getting there. Like in whatever uses that get_quote_vehicle_select view.

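One way to reject a malformed or unknown Host header before the framework ever builds its request object, as an added example that is not code from this thread or from Laravel, Slim or Symfony. The function names and the `example.com` allowlist are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hostnames this server is expected to serve (constructed placeholder values).
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

/**
 * Parse a raw Host header into [host, port]; return null when it is malformed.
 * Hypothetical helper for illustration, not a framework API.
 */
function parseHostHeader(string $raw): ?array
{
    // A hostname (letters, digits, dots, hyphens) with an optional ":port".
    if (!preg_match('/\A([a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)(?::(\d{1,5}))?\z/i', $raw, $m)) {
        return null;
    }
    $port = isset($m[2]) && $m[2] !== '' ? (int) $m[2] : null;
    // Same range the Slim exception enforces: 1 to 65535 inclusive.
    if ($port !== null && ($port < 1 || $port > 65535)) {
        return null;
    }
    return [strtolower($m[1]), $port];
}

/** True only when the header parses and names a host on the allowlist. */
function isAllowedHost(?string $raw, array $allowed = ALLOWED_HOSTS): bool
{
    if ($raw === null) {
        return false;
    }
    $parsed = parseHostHeader($raw);
    return $parsed !== null && in_array($parsed[0], $allowed, true);
}

if (PHP_SAPI === 'cli') {
    // Constructed samples; the first is the Host value from the curl replay above.
    foreach (['${ip}:${port}', 'example.com', 'example.com:443', 'example.com:0', 'evil.test'] as $h) {
        printf("%-16s %s\n", $h, isAllowedHost($h) ? 'allow' : 'reject');
    }
} elseif (!isAllowedHost($_SERVER['HTTP_HOST'] ?? null)) {
    // Front-controller guard: answer 400 instead of letting an exception surface later.
    http_response_code(400);
    header('Content-Type: text/plain');
    exit("Bad Request\n");
}
```

Laravel's `TrustHosts` middleware and Symfony's `Request::setTrustedHosts()` provide the same kind of allowlist inside the framework; a guard like this one simply runs earlier, at the top of the front controller.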