
[KV Feedback]: Block the specific IP that is attempting to exploit security vulnerabilities.

Open ynwd opened this issue 1 year ago • 3 comments

🔍

  • [ ] Did you search for existing issues?

Type of feedback

Feature request

Description

I receive the same IP address attempting to scan my server every day, every hour.

They are trying to exploit security vulnerabilities.

It seems like they are trying to locate a WordPress-based config file.

Is there a way to block it?

Screenshot 2023-08-30 at 17 03 38 Screenshot 2023-08-30 at 16 58 36

Steps to reproduce (if applicable)

No response

Expected behavior (if applicable)

No response

Possible solution (if applicable)

No response

Additional context

No response

ynwd avatar Aug 30 '23 10:08 ynwd

If you do something like this then you should be able to block it yourself before it opens a HTTP connection:

const listener = Deno.listen({port, hostname})
for await(const conn of listener) { // for each new TCP connection
  // remoteAddr is an object ({transport, hostname, port}), so compare its hostname
  if (conn.remoteAddr.hostname === 'whichever IP address it is using') {
    conn.close()
    continue
  }
  tcpConnectionHandler(conn) // handle it async
}

Example of a tcpConnectionHandler:

async function tcpConnectionHandler(conn) {
  try {
    debug?.('new connection')
    const httpConn = Deno.serveHttp(conn)
    for await (const {request, respondWith} of httpConn) {
      httpRequestHandler(request, respondWith) // handle it async
    }
    debug?.('httpCon closed')
  } catch (error) {
    debug?.('connection error:', error)
    try {
      conn.close()
    } catch (error) {
      debug?.('close error:', error)
    }
  }
}

JoakimCh avatar Sep 10 '23 15:09 JoakimCh

Thx @JoakimCh

BTW, any info on how to close the connection when using Deno.serve?

ynwd avatar Sep 12 '23 06:09 ynwd

BTW, any info on how to close the connection when using Deno.serve?

I don't even know how to get the IP address related to the requests it responds with or the underlying socket. So nope, I don't know.

Would be nice if Deno.serve supported an option for a block list, similar to what Node.js has: https://nodejs.org/api/net.html#class-netblocklist

JoakimCh avatar Sep 12 '23 07:09 JoakimCh
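
The accept-loop check from the first reply, as an added example that is not code from the thread or from Deno: it compares `conn.remoteAddr.hostname` (the address is an object, not a string) against a small blocklist and also handles IPv4 CIDR ranges and IPv4-mapped IPv6 peers. The names `isBlocked` and `acceptLoop` and the rule format are assumptions made for this example.

```javascript
// Added example; function names and the rule format are illustrative assumptions.
// Dotted-quad IPv4 -> unsigned 32-bit integer, or null when not valid IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split('.')
  if (parts.length !== 4) return null
  let n = 0
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null
    n = n * 256 + Number(p)
  }
  return n
}

// "::ffff:203.0.113.7" (IPv4-mapped IPv6) is compared as "203.0.113.7".
function normalizeHost(hostname) {
  const h = hostname.toLowerCase()
  return h.startsWith('::ffff:') && ipv4ToInt(h.slice(7)) !== null ? h.slice(7) : h
}

// rules: exact addresses or IPv4 CIDR ranges. IPv6 rules are compared as plain
// strings, so they must be written the way the runtime reports them.
function isBlocked(remoteAddr, rules) {
  if (remoteAddr?.transport !== 'tcp') return false // unix sockets have no hostname
  const host = normalizeHost(remoteAddr.hostname)
  const hostInt = ipv4ToInt(host)
  return rules.some((rule) => {
    const [base, bits] = rule.split('/')
    if (bits === undefined) return normalizeHost(base) === host
    const baseInt = ipv4ToInt(base)
    // Reject malformed prefixes; Number('') is 0 and would match every IPv4 peer.
    if (hostInt === null || baseInt === null || !/^\d{1,2}$/.test(bits) || Number(bits) > 32) return false
    const prefix = Number(bits)
    const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0
    return ((hostInt & mask) >>> 0) === ((baseInt & mask) >>> 0)
  })
}

// `listener` is what Deno.listen() returns; blocked peers are closed before HTTP parsing.
async function acceptLoop(listener, rules, onConn) {
  let dropped = 0
  for await (const conn of listener) {
    if (isBlocked(conn.remoteAddr, rules)) {
      conn.close()
      dropped++
      continue
    }
    onConn(conn)
  }
  return dropped // number of connections closed by the blocklist
}
```

With Deno this would be called as `acceptLoop(Deno.listen({port, hostname}), rules, tcpConnectionHandler)`, reusing the handler from the first reply.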