I have set up a little flask server on a vm as a sort of API for a simple Python app that I am working on using the kivy framework. The other night I was testing some of the requests and I accidentally left the server running. I got some strange POST and HEAD requests from an IP I don't recognize. I took a screenshot attached below. I was wondering if anyone could help shed some light on what these requests are? output:

CodePudding user response：

It is always a good idea not to expose your API under development to the public internet. However, when you are ready to host in production, I suggest adding an additional layer of security by utilizing services like the ones offered by Cloudflare - they can give you a reverse proxying to your API and in that layer, you can define several rules of access - like block a region, a user agent, bad requests altogether, etc. You can also define usage typical sequences so that any rogue entity trying to make calls to your API can get blocked in that level itself, and such spurious requests will never even reach your server.

CodePudding user response：

Someone, or several people, is/are probing your webserver for common security vulnerabilities, probably to exploit them for malicious purposes. It doesn't look like anything was successful. If flask and any other supporting software is up to date you probably don't have anything to worry about.

It's hard to give specific system hardening advice without knowing more about your setup, but running this in a VM, installing fail2ban, and maybe setting up a reverse proxy is going to be good enough for what sounds like a small personal project.