I have recently installed the Cape group Logging module on my server, so have been paying more attention to the logs than normal ;) I've seen some strange entries To me these look like attacks on the server rather than an internal problem with Mendix, but I was wondering if someone can confirm. manager/html looks like an attack on Tomcat, some of the other ones look like probing for installations of auction software, and the second image contains probes for PHP on the server. Would moving the Mendix server to a more obscure port help here (the port Mendix runs on is opened through the firewall), or is there any other way to avoid these attacks?
asked
David Sanders
3 answers
3
This is indeed "normal" for any web server accessibly from the internet. One thing that you might want to do is put Mendix behind some web server (we usually use Apache, Mendix uses nginx in their hosting environment, IIS should also work). This has the following advantages and keeps the "attacks" from reaching Mendix:
You can use URL redirecting, virtual hosts, etc to give Mendix a "user friendly" external URL
You can add security to the connection (HTTPS for example)
You can block access to certain pages; /ws-doc/ for example if you don't want the world to see all your published web services
You can let the web server host all the static content (web folder of Mendix) and take care of all the invalid requests (phpMyAdmin-2.6.3/main.php etc) resulting in less traffic/requests to the Mendix application server
answered
Alexander Willemsen
1
Someone is trying to get access to your auctions in different languages.
So if you're not running an auction, that's definitely attacks.
Not much you can do about, actually.
Every port that's exposed to the internet comes under fire. Some more than others but I would not spend time trying to reduce the number of attempts by moving ports etc. You'll never get rid of the stuff.
answered
Jan Doggen
1
Yeah, sure looks like someone is checking your server against known exploits.