ERROR - Connector: 404 - file not found for file ... caused by Automated vulnerability scanners?
Hi all,

On one of our apps we get a high number of ERROR - Connector: 404 - file not found for file … messages in the logging. The files they are trying to access are things like: .git-credentials, wp-login.php, a'"><injectable>, .htpasswd, mysql.sql etc.

My assumption is that they are caused by automated vulnerability scanners. I've contacted Mendix support and they could only provide access logs and directed me to the Path Based Access Restrictions and the Access Restriction Profiles documentation, which doesn’t really contain a solution to this specific issue.

I have the following observations:
- The number of attempts is sometimes 500 requests per day
- IP addresses vary per day
- Requests are directed at the [app].mendixcloud.com and not at the custom domain (we don't use the mendixcloud.com url)
- Path based access restrictions don't allow me to block file types, and many requests are on the root

My goal is to get rid of these errors in the log by blocking these requests.

Does anyone recognize these issues? Shouldn't Mendix cloud block these requests anyway? Are there any options within the current cloud/platform options I'm overlooking that can be used?

It would also be nice to know if many apps have similar issues; that might increase the priority for Mendix to implement a feature for this.

Thanks!
Stephan
Mendix is aware of these scans and yes, IMHO Mendix should fix this because it clutters your logs etc. And it is not your app only. All my environments encounter this. And you are not the only one with tickets about this. Hopefully Mendix will implement something to fix this because, although there is no security risk nor does it impact the performance of your app, it is irritating as h..
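
A triage sketch for the log lines discussed in this thread, added here as an example and not part of either post or of any Mendix tooling: it sorts the 404 entries into scanner-probe categories derived from the file names listed in the question and keeps the remaining paths for review, since those may be genuine broken links. The line layout after the quoted message prefix, the timestamps and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: the message prefix quoted in the question, then the requested path.
LINE_RE = re.compile(r"Connector: 404 - file not found for file\s+(?P<path>.+?)\s*$")

# Categories derived from the file names listed in the question.
PROBE_RULES = [
    ("dotfile", re.compile(r"(^|/)\.[^./]")),                 # .git-credentials, .htpasswd
    ("cms-probe", re.compile(r"(^|/)wp-[\w-]+\.php$", re.I)),  # wp-login.php
    ("dump-file", re.compile(r"\.sql$", re.I)),                # mysql.sql
    ("markup-chars", re.compile(r"[<>'\"]")),                  # a'"><injectable>
]

# Constructed sample lines (not taken from a real environment).
SAMPLE_LOG = """\
2024-01-01 03:12:01 ERROR - Connector: 404 - file not found for file .git-credentials
2024-01-01 03:12:02 ERROR - Connector: 404 - file not found for file wp-login.php
2024-01-01 03:12:03 ERROR - Connector: 404 - file not found for file a'"><injectable>
2024-01-01 03:12:04 ERROR - Connector: 404 - file not found for file .htpasswd
2024-01-01 03:12:05 ERROR - Connector: 404 - file not found for file mysql.sql
2024-01-01 09:30:10 ERROR - Connector: 404 - file not found for file img/old-logo.png
2024-01-01 09:30:11 INFO - Core: unrelated line
"""

def classify(path):
    """Return the first matching probe category, or None for an unrecognised path."""
    for label, pattern in PROBE_RULES:
        if pattern.search(path):
            return label
    return None

def triage(lines):
    """Split 404 entries into scanner noise (counted per category) and paths to review."""
    noise, review = Counter(), []
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue  # not a Connector 404 entry
        path = match.group("path")
        label = classify(path)
        if label:
            noise[label] += 1
        else:
            review.append(path)
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE_LOG.splitlines())
    print("scanner noise:", dict(noise))
    print("review these:", review)
```

Paths left in the review list are the ones worth checking against the app itself, because they do not look like the probe names from the question.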