fastsol Posted March 6, 2022

In the last couple of months a few of my websites (that are all hosted on my dedicated server) have been throwing errors to Bugsnag a couple of times a week. I don't know what they mean really, and Google searching doesn't bring up this exact scenario to figure it out.

This is the error that Laravel throws:

    Facade\Ignition\Exceptions\ViewException · Invalid Host "${ip}:${port}".

In Bugsnag this is the curl replay that it shows.

    curl --request GET \
      --header 'accept: */*' \
      --header 'host: ${ip}:${port}' \
      --header 'user-agent: curl/7.64.1' \
      'https://:0'

This is the Slim error:

    InvalidArgumentException Uri port must be null or an integer between 1 and 65535 (inclusive)

In Bugsnag this is the curl replay that it shows.

    curl --request GET \
      --header 'Accept: */*' \
      --header 'User-Agent: curl/7.64.1' \
      'https://${ip}:${port}/'

Some of my sites run on Laravel and some on Slim. Both applications throw the error once it hits a certain point in loading the page, typically at a middleware level. I'd like to know if this is indicative of a hack or maybe just a crawler bot. It doesn't happen constantly like a brute force attack, just once or twice in a few seconds and then not again for a few days. I have one middleware returning true on an if() indicating that this may just be a bot crawler.

Is there anything I can do or "should" do to prevent the error or prevent the attack if it is an attack?

requinix Posted March 6, 2022

Is "${ip}:${port}" literally what is there? Because that's obviously not a valid host. Or valid Host header. Or valid URL to give to curl. And I imagine it would only happen because of a rather glaring error in some code somewhere.

fastsol Posted March 6, 2022

I wish there was a way to share a Bugsnag report but I can't seem to find a way. So I took screenshots of a couple things that it shows me.

gizmola Posted March 6, 2022

Well yeah, it looks like someone is using curl to generate a request that is hitting your server, and the HTTP "Host" header, that is supposed to be a Host:port combination, is passing a string with those variable contents. Probably it's some sort of exploit attempt. Laravel seems to be catching this and throwing the exception, which is what you want to have happen here, so -- yeah Laravel!

The IP is coming from Indonesia, and has a lot of abuse reports filed against it here: https://www.abuseipdb.com/

If you see this is consistently coming from there, you might want to IP ban them, although in my experience, like roaches, once you ban one, other client IPs will appear, as these are bots. I still IP ban on a frequent basis, even though I know it's only a minor deterrent.

fastsol Posted March 7, 2022

Yeah, I thought about banning the few IPs that they have come from. I know one of them was from Russia. My main concern is that as long as the exception is throwing that I should be relatively OK if it keeps happening; it's just an annoyance at this point.

requinix Posted March 7, 2022

As long as the exception is being handled somewhere and the user is getting a generic error page, you're probably okay. But you should still take steps to prevent whatever bad data reached Symfony's code from getting there. Like in whatever uses that get_quote_vehicle_select view.
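
An added example, not part of the thread and not code from Laravel, Slim or Symfony: one way to keep a malformed Host value such as "${ip}:${port}" from reaching the framework is to check it in the front controller before the application boots. The function name validatedHost, the ALLOWED_HOSTS constant and the example.com host names are assumptions to be replaced with the site's real values.

```php
<?php
declare(strict_types=1);

// Placeholder allowlist (assumption): the host names this site really serves.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

/**
 * Returns the lower-cased host name when the Host header is well-formed and
 * allowlisted, or null when the request should be refused.
 */
function validatedHost(?string $hostHeader, array $allowedHosts): ?string
{
    if ($hostHeader === null || $hostHeader === '') {
        return null;
    }
    // host[:port] with DNS-name characters only. The literal string
    // "${ip}:${port}" fails here because of "$", "{" and "}".
    $pattern = '/^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(\d{1,5}))?$/i';
    if (!preg_match($pattern, $hostHeader, $m)) {
        return null;
    }
    // Same range the Slim exception message states: 1 to 65535 inclusive.
    if (isset($m[2]) && $m[2] !== '') {
        $port = (int) $m[2];
        if ($port < 1 || $port > 65535) {
            return null;
        }
    }
    $host = strtolower($m[1]);
    return in_array($host, $allowedHosts, true) ? $host : null;
}

if (PHP_SAPI !== 'cli') {
    // Web request: answer 400 before any framework code parses the URI,
    // so no exception is raised and nothing is reported to the error tracker.
    if (validatedHost($_SERVER['HTTP_HOST'] ?? null, ALLOWED_HOSTS) === null) {
        http_response_code(400);
        header('Content-Type: text/plain');
        exit("Bad Request\n");
    }
} else {
    // Command-line demo over constructed sample Host values.
    $samples = ['example.com', 'EXAMPLE.com:443', '${ip}:${port}',
                'example.com:0', 'example.com:70000', 'other.test', ''];
    foreach ($samples as $h) {
        $result = validatedHost($h, ALLOWED_HOSTS) ?? 'rejected';
        printf("%-22s => %s\n", var_export($h, true), $result);
    }
}
```

In the demo, only the first two samples are accepted; the templated string, the out-of-range ports, the unlisted host and the empty value are all rejected.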