I am setting up a production environment on my VPS for a Rails app I'm working on. I have not registered a domain name yet, so what I did was just edit my local hosts-file manually. This works fine for testing purposes.

Using Phusion Passenger I log all requests in [railsapp-folder]/log/access.log. Now here's the weird thing: I was using tail -f to monitor this file and suddenly the following line pops up:

58.218.199.227 - - [30/Jun/2011:13:28:32 +0200] "GET http://financeande.com/feed/feed.php HTTP/1.1" 500 728 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

I looked up the IP address and it appears to have its origin in Beijing.

Could someone explain how this is happening? I just set up this environment two hours ago and it seems someone is already accessing it from the outside, which should not be possible at all.

Edit:

The URL it tries to request is also mentioned on this web page: http://kfrazier.mooo.com/html/art/hackdetail.py?ipaddress=58.218.199.250&date=2011-06-20+19%3A58%3A34

1 Answer

Why should this not be possible? Is your VPS firewalled so that only you can access it? The access log entry seems to show a request for some PHP site. Maybe their DNS is wrong and still has old information of the previous owner of your IP address in it?

wzzrd
  • Well, the thing I find weird is that it shows up in the log of this Rails app, which can only be accessed through the domain "www.ontwerptool.nl" (and you have to set that up locally in your hosts file). This rails app is not the default of my server. – Bram Jetten Jun 30 '11 at 11:53
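
The request line in the logged entry carries a full URL for another site (the form HTTP clients use when talking to a proxy) rather than a path on www.ontwerptool.nl. The following is an added example, not part of the original thread, that parses access-log lines in the format shown and flags requests naming a host the server does not serve; the regex, the function names and the second and third sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined log format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SERVED_HOSTS = {"www.ontwerptool.nl"}  # the vhost named in the comment above

def classify(line, served_hosts=SERVED_HOSTS):
    """Parse one log line; return (ip, verdict, target_host) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m["request"].split()
    if len(parts) != 3:
        return (m["ip"], "malformed-request-line", None)
    method, target, _version = parts
    if method.upper() == "CONNECT":              # authority-form, e.g. host:443
        return (m["ip"], "connect-attempt", target.rsplit(":", 1)[0].lower())
    if target.startswith("/") or target == "*":  # ordinary origin-form / OPTIONS *
        return (m["ip"], "origin-form", None)
    try:
        host = (urlsplit(target).hostname or "").lower()
    except ValueError:                           # e.g. broken IPv6 literal
        host = ""
    if not host:
        return (m["ip"], "malformed-request-line", None)
    verdict = "absolute-own-host" if host in served_hosts else "absolute-foreign-host"
    return (m["ip"], verdict, host)

def foreign_requests(lines, served_hosts=SERVED_HOSTS):
    """Entries whose request line names a host this server does not serve."""
    hits = []
    for line in lines:
        result = classify(line, served_hosts)
        if result and result[1] in ("absolute-foreign-host", "connect-attempt"):
            hits.append(result)
    return hits

# First line is the entry from the question; the other two are constructed samples.
SAMPLE_LOG = [
    '58.218.199.227 - - [30/Jun/2011:13:28:32 +0200] "GET http://financeande.com/feed/feed.php HTTP/1.1" 500 728 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - - [30/Jun/2011:13:30:01 +0200] "GET /designs/new HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Jun/2011:13:31:44 +0200] "CONNECT mail.example.org:25 HTTP/1.0" 405 312 "-" "-"',
]

if __name__ == "__main__":
    for ip, verdict, host in foreign_requests(SAMPLE_LOG):
        print(ip, verdict, host)
```

Run over a real access.log, the flagged entries show which clients are sending proxy-style requests and which status the server returned to them.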