Suspicious requests to backend server

Time:07-08

I'm still very new to security and server handling in general, so excuse my lack of knowledge.

I am currently running a small trading algorithm using the Binance API. The server is a Windows server from VPSServer.com. The backend (server side) handles requests from an app I made that also runs on Windows. The app basically just allows for making trades and viewing account information such as balances etc. The server side stays logged in to Binance via the API and the only permissions are for making trades; no withdrawals are possible via the API and hence no withdrawals are possible via the App.

The code for receiving requests is as follows:

import requests
import socket
import traceback

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

host = "my IP"  # server IP address (redacted in the post)
port = 123
# bind to port
s.bind((host, port))

# Queue up to 5 requests
s.listen(5)
def subfunc(): # function called to start thread
    print('Commns started')
    while True:
        try:
            # establish connection; accept() takes any peer that can reach the port
            clientSocket, addr = s.accept()
            print("got a connection from %s" % str(addr))
            data = clientSocket.recv(1024)
            datafull = data.decode()
            print(datafull)
            res = datafull.split('\n') # request format = main request is first line with details on separate lines below
            body = ''
            print(res)
            # rebuild the body from every line after the first
            for i in range(1, len(res)):
                body += res[i] + '\n'
            print('request ' + res[0])
            handleComms(clientSocket, res[0], body) # Function (defined elsewhere) that handles the relevant request and replies to App with necessary info
        except Exception as e:
            print(e)
            traceback.print_exc()

Every now and then it prints these really strange requests that aren't at all from the requests that can be sent from the App (the App is the only thing that interacts with the server), these requests being: (note that the code prints the IP and the request)

got a connection from ('185.180.143.143', 38336)
GET / HTTP/1.1
Host: my IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36
Accept: */*
Accept-Encoding: gzip


['GET / HTTP/1.1\r', 'Host: my IP:137\r', 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 \r', 'Accept: */*\r', 'Accept-Encoding: gzip\r', '\r', '']
request GET / HTTP/1.1

and

got a connection from ('185.180.143.143', 48251)
SSH-2.0-Go

['SSH-2.0-Go\r', '']
request SSH-2.0-Go

and

got a connection from ('185.180.143.143', 42344)
GET / HTTP/1.1


['GET / HTTP/1.1 \r', '\r', '']
request GET / HTTP/1.1

and

got a connection from ('192.241.209.78', 51102)
MGLNDD_my Ip_137

['MGLNDD_my IP_137', '']
request MGLNDD_my IP_137

Are these bots or hackers or something to do with the server service itself?

ISP for 185.180.143.143 NSEC - Sistemas Informaticos S.A, location Belgium and/or Portugal

ISP for 192.241.209.78 DigitalOcean LLC, location US

Of course I'll look into adding security if this is actually a threat, though no one has access to the App but me (personal use)

CodePudding user response:

Well, your server is exposed to the internet, so anyone can make a request to it, not just your App.

You're seeing those random someones making requests, and sure enough if they can figure out how to command your program to do trades, they can do it.

I'd suggest adding authentication, and better yet using TLS/SSL to encrypt your traffic.
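
The authentication half of that suggestion, sketched as an added example that is not part of the original answer or the poster's code: each request carries an HMAC-SHA256 tag computed with a key shared between the App and the server, and the server drops anything unsigned, altered, stale or replayed before it reaches the request handler. The `AUTH` line format, the function names, `MAX_SKEW` and the `BALANCE` command are assumptions made for illustration; the probes are the ones shown in the question's log.

```python
import hashlib
import hmac
import os
import time

MAX_SKEW = 30  # seconds a signed request stays valid (assumed value)

def _tag(key, ts, nonce, payload):
    # MAC covers timestamp, nonce and payload so none can be swapped
    msg = f"{ts}\n{nonce}\n{payload}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_request(key, payload, now=None):
    """App side: prepend 'AUTH <ts> <nonce> <tag>' to the request text."""
    ts = str(int(time.time() if now is None else now))
    nonce = os.urandom(16).hex()
    return f"AUTH {ts} {nonce} {_tag(key, ts, nonce, payload)}\n{payload}".encode()

def verify_request(key, raw, seen_nonces, now=None):
    """Server side: return (payload, None) if authentic, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        header, _, payload = raw.decode("utf-8").partition("\n")
        scheme, ts, nonce, tag = header.strip().split(" ")
    except (UnicodeDecodeError, ValueError):
        return None, "malformed"  # HTTP, SSH and scanner banners end up here
    if scheme != "AUTH" or not ts.isdecimal():
        return None, "malformed"
    # constant-time comparison on bytes; never compare tags with ==
    if not hmac.compare_digest(_tag(key, ts, nonce, payload).encode(), tag.encode()):
        return None, "bad signature"
    if abs(now - int(ts)) > MAX_SKEW:
        return None, "stale"
    if nonce in seen_nonces:
        return None, "replay"
    seen_nonces.add(nonce)  # a long-running server should expire old nonces
    return payload, None

# First lines of the unsolicited connections shown in the question's log
PROBES = [b"GET / HTTP/1.1\r\n\r\n", b"SSH-2.0-Go\r\n", b"MGLNDD_my IP_137\n"]

if __name__ == "__main__":
    key, seen = os.urandom(32), set()  # constructed key for the demo
    for probe in PROBES:
        print(probe, verify_request(key, probe, seen))
    msg = sign_request(key, "BALANCE\nBTC")  # hypothetical App command
    print(verify_request(key, msg, seen))    # accepted
    print(verify_request(key, msg, seen))    # rejected as a replay
```

In the question's loop, `verify_request` would run on `data` before `handleComms` is called, with the connection closed on any non-`None` reason. The tag authenticates requests but does not hide them, which is what the TLS part of the suggestion covers.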
