I'm still very new to security and server handling in general, so excuse my lack of knowledge.
I am currently running a small trading algorithm using the Binance API. The server is a windows server from VPSServer.com. The backend (server side) handles requests from an app I made that also runs on windows. The app basically just allows for making trades and viewing account information such as balances etc. The server side stays logged in to Binance via the API and the only permissions are for making trades, no withdraws are possible via the API and hence no withdraws are possible via the App.
The code for receiving requests is as follows:
import requests
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = my IP # server
port = 123
# bind to pot
s.bind((host, port))
# Que up to 5 requests
s.listen(5)
def subfunc(): # function called to start thread
print('Commns started')
while True:
try:
# establish connection
clientSocket, addr = s.accept()
print("got a connection from %s" % str(addr))
data = clientSocket.recv(1024)
datafull = data.decode()
print(datafull)
res = datafull.split('\n') # request format = main request is first line with details on seperate lines below
body = ''
print(res)
for i in range(1, len(res)):
body = res[i] '\n'
print('request ' res[0])
handleComms(clientSocket, res[0], body) # Function that handles the relevant request and replies to App with necessary info
except Exception as e:
print(e)
traceback.print_exc()
Every now and then it prints these really strange requests that aren't at all from the requests that can be sent from the App (the App is the only thing that interacts with the server), these requests being: (note that the code prints the IP and the request)
got a connection from ('185.180.143.143', 38336)
GET / HTTP/1.1
Host: my IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36
Accept: */*
Accept-Encoding: gzip
['GET / HTTP/1.1\r', 'Host: my IP:137\r', 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 \r', 'Accept: */*\r', 'Accept-Encoding: gzip\r', '\r', '']
request GET / HTTP/1.1
and
got a connection from ('185.180.143.143', 48251)
SSH-2.0-Go
['SSH-2.0-Go\r', '']
request SSH-2.0-Go
and
got a connection from ('185.180.143.143', 42344)
GET / HTTP/1.1
['GET / HTTP/1.1 \r', '\r', '']
request GET / HTTP/1.1
and
got a connection from ('192.241.209.78', 51102)
MGLNDD_my Ip_137
['MGLNDD_my IP_137', '']
request MGLNDD_my IP_137
Are these bots or hackers or something to do with the server service itself?
ISP for 185.180.143.143 NSEC - Sistemas Informaticos S.A, location Belgium and/or Portugal
ISP for 192.241.209.78 DigitalOcean LLC, location US
Ofcourse I'll look into adding security if this is actually a threat, though noone has access to the App but me (personal use)
CodePudding user response:
Well, your server is exposed to the internet, so anyone can make a request to it, not just your App.
You're seeing those random someones making requests, and sure enough if they can figure out how to command your program to do trades, they can do it.
I'd suggest adding authentication, and better yet using TLS/SSL to encrypt your traffic.