I run a NodeJS web application with packages up to date and secured with a strong password and RSA for ssh.

The application runs on two domains. I check the request headers to get the domain and found some weird requests that had no headers:

console.log(req.headers); // prints `{}`

Near the time of these requests, I also get other weird ones, such as /nmaplowercheck1602743285, /HNAP1, and /evox/about.

I could throttle or black-list the IP of origin, though probably these are only proxy IPs. The last two routes are from 5-6 different countries.

What is this behavior, and is it anything to worry about?

miguelmorin
  • You will observe the same on any publicly accessible (web) server. It’s the internet background noise of mostly automated probes and scans. Some of those are relatively benign research, sometimes requests are traffic intended for the previous user(s) of your IP-addresses and some are probing for known vulnerabilities. Not all of them are coded very well. When your server is up to date with all security patches and updates, such requests should not be more than an annoyance and nothing to worry about IMHO. Calling it hacking is usually way too generous – Bob Oct 16 '20 at 09:00
  • Can you make your comment into an answer? – miguelmorin Oct 19 '20 at 12:15
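
An added example, not part of the original question or comments: one way to triage the requests described above so that code reading the domain from the headers never acts on an empty header object or an unrecognised Host, and scanner paths get a cheap 404. The names `triage`, `scanNoiseFilter`, `siteHost` and the domains `example.com` / `example.org` are assumptions made for illustration, and the patterns cover only the three paths quoted in the question.

```javascript
// Added example: all names here are hypothetical, not from the original post.
// Patterns cover only the three probe paths quoted in the question.
const PROBE_PATTERNS = [
  /^\/nmaplowercheck\d+$/i,
  /^\/HNAP1\/?$/i,
  /^\/evox\/about$/i,
];

// Classify one request without assuming that any header exists.
function triage(req, knownHosts) {
  const headers = req.headers || {};
  const path = String(req.url || '/').split('?')[0];
  if (PROBE_PATTERNS.some((re) => re.test(path))) {
    return { verdict: 'probe', reason: 'known scanner path' };
  }
  if (Object.keys(headers).length === 0) {
    return { verdict: 'probe', reason: 'no headers' };
  }
  // Host is client-controlled: normalise it and match against an allow-list.
  const host = String(headers.host || '').toLowerCase().replace(/:\d+$/, '');
  if (!knownHosts.has(host)) {
    return { verdict: 'reject', reason: 'unknown or missing Host' };
  }
  return { verdict: 'ok', host };
}

// Connect/Express-style middleware: answer noise cheaply, log one line, move on.
function scanNoiseFilter(knownHosts, log = console.warn) {
  return (req, res, next) => {
    const result = triage(req, knownHosts);
    if (result.verdict === 'ok') {
      req.siteHost = result.host; // validated value for per-domain logic
      return next();
    }
    log(JSON.stringify({ ip: req.socket && req.socket.remoteAddress,
                         url: req.url, ...result }));
    res.statusCode = result.verdict === 'probe' ? 404 : 400;
    res.end();
  };
}

// Constructed sample requests, shaped like the ones described in the question.
const SITES = new Set(['example.com', 'example.org']);
const SAMPLES = [
  { url: '/nmaplowercheck1602743285', headers: {} },
  { url: '/HNAP1', headers: { host: '203.0.113.7' } },
  { url: '/', headers: {} },
  { url: '/about', headers: { host: 'Example.com:443' } },
];
const verdicts = SAMPLES.map((r) => triage(r, SITES).verdict);
```

Mounted before the application routes, the middleware leaves `req.siteHost` as the only value the per-domain code needs to read.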
