Background noise of the internet
A few days ago I ran into this post on Facebook, and it really was a learning experience
Cyber security
For a long time I thought this whole cyber security thing was just a fancy term for people whose only job is to tell you that you should not give your credit card details to strangers, and should not download anything from an email. Then I faced some pretty nasty scams, but most of these were just "simple" social engineering. So I can honestly tell you that I haven't faced any other kind of cyber attack (yeeeah, for a while now I really have considered myself a lucky fella).
And then I found this random post on Facebook about the "background noise of the internet". Of course it is just a catchy and funny name for it, but I really do think the writer had a point, especially since yesterday. Because while debugging and updating my website I checked my logs several times, and then found this:
- INFO: 172.22.0.6:44558 - "GET / HTTP/1.1" 200 OK
- INFO: 172.22.0.6:44574 - "GET /static/images/bg_night.jpg HTTP/1.1" 200 OK
- INFO: 172.22.0.6:36244 - "GET /.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36246 - "GET /.env.local HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36258 - "GET /.env.dev HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36274 - "GET /.env.development HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36290 - "GET /.env.prod HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36294 - "GET /.env.production HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36308 - "GET /.env.stage HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36324 - "GET /.env.test HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36334 - "GET /.env.example HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36336 - "GET /.env.bak HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36338 - "GET /.env.old HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36348 - "GET /config/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36352 - "GET /config/config.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36358 - "GET /app/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36368 - "GET /admin/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36384 - "GET /api/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36398 - "GET /apps/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36402 - "GET /server/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36414 - "GET /backend/.env HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36426 - "GET /aws/credentials HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36440 - "GET /.aws/credentials HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36452 - "GET /.aws/config HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36468 - "GET /config/aws.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36482 - "GET /config/aws.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36492 - "GET /docker-compose.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36498 - "GET /docker-compose.override.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36514 - "GET /docker-compose.prod.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36528 - "GET /docker-compose.dev.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36532 - "GET /config/config.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36540 - "GET /config.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36554 - "GET /config.yaml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36570 - "GET /config.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36580 - "GET /secrets.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36594 - "GET /secrets.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36604 - "GET /credentials.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36618 - "GET /.git-credentials HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36622 - "GET /.git/config HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36626 - "GET /.gitignore HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36640 - "GET /.gitlab-ci.yml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36652 - "GET /.github/workflows/ HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36654 - "GET /.idea/workspace.xml HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36666 - "GET /.vscode/settings.json HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36678 - "GET /storage/logs/laravel.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36682 - "GET /storage/logs/error.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36686 - "GET /logs/debug.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36694 - "GET /logs/app.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36696 - "GET /debug.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36700 - "GET /error.log HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36704 - "GET /.DS_Store HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36708 - "GET /backup.zip HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36710 - "GET /.backup HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36720 - "GET /db.sql HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36734 - "GET /dump.sql HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36736 - "GET /database.sql HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:36752 - "GET /backup.tar.gz HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:35760 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:50866 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:55858 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:33890 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:55822 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:46306 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:46322 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:37644 - "GET / HTTP/1.1" 200 OK
- INFO: 172.22.0.6:54666 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:49872 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:56820 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:51542 - "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 Not Found
- INFO: 172.22.0.6:59508 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found
After I published the first version of my website, within just a few minutes (I hadn't even published my site's URL anywhere) I got hundreds of entries from bots that checked all of the known and common vulnerabilities on my website. You bet that these weren't just there to help me build a safe and proper website. If you check the logs above you can see that they were looking for config files, compose files, logs, anything that could bring my site to its knees. And really the scariest part was that I had barely started my site and got these attacks almost immediately.
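An added example (not part of the original post) that triages log lines in the format shown above: it groups probe requests by what they were hunting for and, more importantly, reports any sensitive path that did not return a 404. It also flags that `172.22.0.6` is a private (RFC 1918) address, so the application is logging a hop in front of it rather than the scanner's own address. The category names, the regexes and the final sample line with a 200 status are this example's constructions.

```python
import ipaddress
import re
from collections import Counter

# Log format from the post: INFO: <ip>:<port> - "<METHOD> <path> HTTP/x" <status> ...
LINE_RE = re.compile(r'INFO:\s+(\S+):(\d+) - "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')

# Probe categories: this example's own grouping of the paths seen in the log.
CATEGORIES = [
    ("env-file", re.compile(r"(^|/)(\.env(\.[\w-]+)?|config\.env)$")),
    ("credentials", re.compile(r"(^|/)\.?aws/|aws\.(yml|json)$|credentials")),
    ("vcs-ci-ide", re.compile(r"^/\.(git|github|gitlab-ci|idea|vscode)")),
    ("compose-config", re.compile(r"docker-compose|(config|secrets)\.(json|ya?ml)$")),
    ("logs", re.compile(r"\.log$")),
    ("backup-dump", re.compile(r"\.(sql|zip|tar\.gz)$|\.backup$|\.DS_Store$")),
    ("wordpress-setup", re.compile(r"wp-admin/setup-config\.php$")),
]

def classify(path):
    """Return the first matching probe category, or None for ordinary traffic."""
    for name, rx in CATEGORIES:
        if rx.search(path):
            return name
    return None

def summarize(lines):
    """Count probes per category, list sensitive paths served with 2xx, note private client IPs."""
    probes, exposed, private_clients = Counter(), [], set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, _port, _method, path, status = m.groups()
        if ipaddress.ip_address(ip).is_private:
            private_clients.add(ip)  # real client address is not in this log
        cat = classify(path)
        if cat:
            probes[cat] += 1
            if status.startswith("2"):
                exposed.append(path)  # a probe that succeeded: the case to act on
    return probes, exposed, private_clients

SAMPLE = [  # first five lines copied from the post; the last one is constructed
    'INFO: 172.22.0.6:44558 - "GET / HTTP/1.1" 200 OK',
    'INFO: 172.22.0.6:36244 - "GET /.env HTTP/1.1" 404 Not Found',
    'INFO: 172.22.0.6:36352 - "GET /config/config.env HTTP/1.1" 404 Not Found',
    'INFO: 172.22.0.6:36440 - "GET /.aws/credentials HTTP/1.1" 404 Not Found',
    'INFO: 172.22.0.6:50866 - "GET /wp-admin/setup-config.php HTTP/1.1" 404 Not Found',
    'INFO: 172.22.0.6:40000 - "GET /.git/config HTTP/1.1" 200 OK',
]
```

In the log from the post every probe got a 404, so `exposed` would be empty; that list, not the probe count, is what deserves an alert.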
Of course after this I almost instantly updated the login and data security features of the site, and I definitely recommend everyone to be careful about these things, because they are not just scary tales from veterans of the early ages of the internet. And with the new technologies, AI and supercomputing, these things will just become more and more threatening.
So I just want to recommend that everyone who uses, and especially everyone who hosts, online services be careful, keep your services up to date, and, if you have the ability or the resources, look out for common threats. If you are interested, check out: https://www.sans.org/newsletters/. It is a for-profit US company specialised in cyber security, and it has a free newsletter where they share the most recent threats and vulnerabilities categorised by risk.
If you had a similar experience, found it interesting, or have a good resource in the matter feel free to share in the comments!