Possible server attacks

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Possible server attacks

Miracle
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Motaz Hejaze
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Miracle
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jD%3DmcgZf7qgOwoWyrS67p-FMUrCfxY1q7T%3D3exPK0Wn8A%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Miracle
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Motaz Hejaze
I think you have a script somewhere that calls this ip and main.php on that server ..

Do you add any third party addons both on frontend and backend ??


On Sun, 3 May 2020, 11:31 pm Miracle, <[hidden email]> wrote:
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Miracle
I do not know of any script like that.
Atleast, I didn't write any.

A get these calls on the following paths:

/sqlite/main.php,
/robots.txt,
/,
/owa/auth/logon.aspx,
/cgi-bin/config.exp,
/HNAP1/,
/hudson/script,
/script,
/sqlitemanager/main.php,
 /SQLiteManager/main.php,
/SQLite/main.php,
/main.php,
/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php,


Please, what could be the problem?





On Sun, 3 May 2020, 11:03 pm Motaz Hejaze, <[hidden email]> wrote:
I think you have a script somewhere that calls this ip and main.php on that server ..

Do you add any third party addons both on frontend and backend ??


On Sun, 3 May 2020, 11:31 pm Miracle, <[hidden email]> wrote:
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

aishtiaque
Observe how your server responds to these requests. Sometimes these requests are sent by attackers hoping that your server might respond with sensitive data that it shouldn't be sending. Generally, ensuring that invalid requests end up with your server sending error responses and not actual sensitive data that your database has is all you need to do. 

Hope this helps.

On Sun, May 3, 2020 at 6:51 PM Miracle <[hidden email]> wrote:
I do not know of any script like that.
Atleast, I didn't write any.

A get these calls on the following paths:

/sqlite/main.php,
/robots.txt,
/,
/owa/auth/logon.aspx,
/cgi-bin/config.exp,
/HNAP1/,
/hudson/script,
/script,
/sqlitemanager/main.php,
 /SQLiteManager/main.php,
/SQLite/main.php,
/main.php,
/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php,


Please, what could be the problem?





On Sun, 3 May 2020, 11:03 pm Motaz Hejaze, <[hidden email]> wrote:
I think you have a script somewhere that calls this ip and main.php on that server ..

Do you add any third party addons both on frontend and backend ??


On Sun, 3 May 2020, 11:31 pm Miracle, <[hidden email]> wrote:
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAKizqR7pmO4LmDN1UPCUag_t1sb-4gvihyQhUACLsA1GbyuBPg%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Motaz Hejaze
check the log file , what are the acts that invokes the call to those links ????  
example , logging in ? upload an image ? any act

also try to check if there is a malicious script installed on your server , 

take a peace from the text above and search for it ..

Example:

grep -lR "/sqlitemanager/main.php" /home

replace /home with the location of your files ..and replace the string by anything from the error message above

On Mon, May 4, 2020 at 1:24 AM Ahmed Ishtiaque <[hidden email]> wrote:
Observe how your server responds to these requests. Sometimes these requests are sent by attackers hoping that your server might respond with sensitive data that it shouldn't be sending. Generally, ensuring that invalid requests end up with your server sending error responses and not actual sensitive data that your database has is all you need to do. 

Hope this helps.

On Sun, May 3, 2020 at 6:51 PM Miracle <[hidden email]> wrote:
I do not know of any script like that.
Atleast, I didn't write any.

A get these calls on the following paths:

/sqlite/main.php,
/robots.txt,
/,
/owa/auth/logon.aspx,
/cgi-bin/config.exp,
/HNAP1/,
/hudson/script,
/script,
/sqlitemanager/main.php,
 /SQLiteManager/main.php,
/SQLite/main.php,
/main.php,
/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php,


Please, what could be the problem?





On Sun, 3 May 2020, 11:03 pm Motaz Hejaze, <[hidden email]> wrote:
I think you have a script somewhere that calls this ip and main.php on that server ..

Do you add any third party addons both on frontend and backend ??


On Sun, 3 May 2020, 11:31 pm Miracle, <[hidden email]> wrote:
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAKizqR7pmO4LmDN1UPCUag_t1sb-4gvihyQhUACLsA1GbyuBPg%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-cw7rZLVFStWHtrm4y_AH5rNDUknQsQW95zZ6ZWDvHT%2Bw%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Possible server attacks

Miracle
Okay, 

I will do all those.

Thank you so much. 

I appreciate.

On Mon, 4 May 2020, 1:26 am Motaz Hejaze, <[hidden email]> wrote:
check the log file , what are the acts that invokes the call to those links ????  
example , logging in ? upload an image ? any act

also try to check if there is a malicious script installed on your server , 

take a peace from the text above and search for it ..

Example:

grep -lR "/sqlitemanager/main.php" /home

replace /home with the location of your files ..and replace the string by anything from the error message above

On Mon, May 4, 2020 at 1:24 AM Ahmed Ishtiaque <[hidden email]> wrote:
Observe how your server responds to these requests. Sometimes these requests are sent by attackers hoping that your server might respond with sensitive data that it shouldn't be sending. Generally, ensuring that invalid requests end up with your server sending error responses and not actual sensitive data that your database has is all you need to do. 

Hope this helps.

On Sun, May 3, 2020 at 6:51 PM Miracle <[hidden email]> wrote:
I do not know of any script like that.
Atleast, I didn't write any.

A get these calls on the following paths:

/sqlite/main.php,
/robots.txt,
/,
/owa/auth/logon.aspx,
/cgi-bin/config.exp,
/HNAP1/,
/hudson/script,
/script,
/sqlitemanager/main.php,
 /SQLiteManager/main.php,
/SQLite/main.php,
/main.php,
/test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php,


Please, what could be the problem?





On Sun, 3 May 2020, 11:03 pm Motaz Hejaze, <[hidden email]> wrote:
I think you have a script somewhere that calls this ip and main.php on that server ..

Do you add any third party addons both on frontend and backend ??


On Sun, 3 May 2020, 11:31 pm Miracle, <[hidden email]> wrote:
I think the possible attacker thinks I am using PHP

On Sun, 3 May 2020, 10:29 pm Miracle, <[hidden email]> wrote:
I don't know honestly.

I got those error messages because I included my email and username in settings.py like this 

ADMINS = ['username', '[hidden email]']

On Sun, 3 May 2020, 10:24 pm Motaz Hejaze, <[hidden email]> wrote:
What is the script main.php ???

On Sun, 3 May 2020, 10:43 pm Miracle, <[hidden email]> wrote:
Hello django developers,

I might be experiencing a possible attack on my web server,  but I am not sure yet.
Below is the email I got from my django.
I've gotten over 50 similar emails over the past 3 days.

Please, help me with this.


Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Report at /SQlite/main.php

Invalid HTTP_HOST header: '35.192.28.182'. You may need to add '35.192.28.182' to ALLOWED_HOSTS.

Request Method: GET
Request URL: https://35.192.28.182/SQlite/main.php

Django Version: 2.2.8
Python Executable: /home/hello/wsp/env/bin/python3
Python Version: 3.6.9
Python Path: ['/home/hello/wsp', '/home/hello/wsp/env/bin', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/hello/wsp/env/lib/python3.6/site-packages']
Server time: Sun, 3 May 2020 19:22:55 +0000
Show quoted text
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
HTTP_ACCEPT_ENCODING = 'gzip, deflate, br'
HTTP_ACCEPT_LANGUAGE = 'en-GB,en-US;q=0.9,en;q=0.8,ig;q=0.7'
HTTP_CONNECTION = 'close'
HTTP_COOKIE = 'csrftoken=mX6nNccvMIycyGeE4tF0hciqwfsccdaK8X8ZDt8YgimJeQYTjQFjxfB4YGNCZ9Ik; sessionid=mbmg0dvoz2tebman7ereia9eue59wto7'
HTTP_HOST = '35.192.28.182'
HTTP_SAVE_DATA = 'on'

HTTP_SEC_FETCH_DEST = 'document'
HTTP_SEC_FETCH_MODE = 'navigate'
HTTP_SEC_FETCH_SITE = 'none'
HTTP_UPGRADE_INSECURE_REQUESTS = '1'
HTTP_USER_AGENT = 'Mozilla/5.0 (Linux; Android 9; SM-A307FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36'
HTTP_X_FORWARDED_FOR = '197.211.61.210'
HTTP_X_FORWARDED_PROTO = 'https'
HTTP_X_REAL_IP = '197.211.61.210'
PATH_INFO = '/SQlite/main.php'
QUERY_STRING = ''
RAW_URI = '/SQlite/main.php'
REMOTE_ADDR = ''
REQUEST_METHOD = 'GET'
SCRIPT_NAME = ''
SERVER_NAME = '35.192.28.182'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.0'
SERVER_SOFTWARE = 'gunicorn/20.0.4'
gunicorn.socket = <socket.socket fd=9, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, laddr=/home/hello/wsp/app.sock>
wsgi.errors = <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f20fa4288d0>
wsgi.file_wrapper = ''
wsgi.input = <gunicorn.http.body.Body object at 0x7f20fa4280f0>




kind  regards,

Miracle

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jBZojn_UhiYUgPZiP2tvcYnmggOVq24nUbCXCX_D0990A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-d0iU5tYOPBeAVTuQLUgzVOM4v9Gu4s_rtxLqFFZr71dA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jDTCNZMFy_6gp4X_cx5Vy9vMCWEk_X-GKsYizeTpWEkow%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-f_806e5aJ%2BTyPKyPag-5Z4BmX_AyvOfzEoj9xNiSTEzw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jB3wxHUUET%2B64q0jJy9kZL9HarE_XXhmY0ipCAtHuPD-A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAKizqR7pmO4LmDN1UPCUag_t1sb-4gvihyQhUACLsA1GbyuBPg%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHV4E-cw7rZLVFStWHtrm4y_AH5rNDUknQsQW95zZ6ZWDvHT%2Bw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CADZv-jANJd%3DPvSAd_4zt5oE4o0nKOaxv27qjBUwAJm3LevMTJg%40mail.gmail.com.