
I've just put a Rails 4 app into production, and I've noticed what look like a number of scripted attacks, mostly on URLs that end with .php. They look like this:

I, [2015-05-11T22:03:01.715687 #18632]  INFO -- : Started GET "/MyAdmin/scripts/setup.php" for 211.172.232.163 at 2015-05-11 22:03:01 +0100
F, [2015-05-11T22:03:01.719339 #18632] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/MyAdmin/scripts/setup.php"):
  actionpack (4.1.0) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'

I'd like to collect the URL from these RoutingError messages, mostly so I can set up routes for them, probably to simply render nothing.

I'd also like to redirect to a site which might keep script runners busy.

Anyway, here's the question. Is there any way I can intercept ActionController::RoutingError to run some code?


Bonus question: Does anyone know if there are actually a lot of PHP apps out there which can be broken into with URLs like the one above?

AJFaraday
    http://linux.m2osw.com/zmeu-attack – Dave Newton May 11 '15 at 21:56
    Why set up routes for those pages? 404 them instead of indicating to potential attackers that you've set something up to handle them specially. Many ways to do it, here's an easy one: http://stackoverflow.com/a/19654378/78613 – Nick Veys May 11 '15 at 22:06

1 Answer


While this might not be a good idea, you can set a 'catch all' route like

match '*path' => 'your_controller#your_action', via: :all

after all your other routes and do whatever you want in your controller, like log to a file, annoy them depending on the route with request.path, etc.

For your bonus: lots of people leave the default password on web apps, and these scrapers look for that.

Mario
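The question's goal of collecting the URLs from the RoutingError messages can also be met by reading the production log, without adding any routes. The following is an added example, not part of the original question or answer: it assumes the log format shown in the question, and the sample lines, the `/example/setup.php` path and the documentation-range IP addresses are constructed.

```ruby
# Added example: tally probed paths from Rails RoutingError log entries.
# SAMPLE_LOG is constructed, modelled on the log format in the question;
# the 203.0.113.x / 198.51.100.x addresses are documentation-range placeholders.
SAMPLE_LOG = <<~'LOG'
  I, [2015-05-11T22:03:01.715687 #18632]  INFO -- : Started GET "/MyAdmin/scripts/setup.php" for 203.0.113.7 at 2015-05-11 22:03:01 +0100
  F, [2015-05-11T22:03:01.719339 #18632] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/MyAdmin/scripts/setup.php"):
    actionpack (4.1.0) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
  I, [2015-05-11T22:03:02.100000 #18632]  INFO -- : Started GET "/" for 198.51.100.9 at 2015-05-11 22:03:02 +0100
  I, [2015-05-11T22:03:03.200000 #18640]  INFO -- : Started GET "/MyAdmin/scripts/setup.php" for 198.51.100.9 at 2015-05-11 22:03:03 +0100
  F, [2015-05-11T22:03:03.210000 #18640] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/MyAdmin/scripts/setup.php"):
  I, [2015-05-11T22:03:04.300000 #18632]  INFO -- : Started POST "/example/setup.php" for 203.0.113.7 at 2015-05-11 22:03:04 +0100
  F, [2015-05-11T22:03:04.310000 #18632] FATAL -- :
  ActionController::RoutingError (No route matches [POST] "/example/setup.php"):
LOG

PREFIX   = /\A[A-Z], \[\S+ #(\d+)\]/                 # severity, timestamp, pid
STARTED  = /Started (\S+) "([^"]*)" for (\S+) at /   # verb, path, client IP
NO_ROUTE = /\AActionController::RoutingError \(No route matches \[(\w+)\] "([^"]*)"\)/

# Returns { "VERB /path" => { hits: Integer, ips: [String, ...] } }.
def routing_error_probes(log_text)
  last_request = {} # pid => [verb, path, ip] of that worker's latest request
  pid = nil         # the exception line has no prefix, so remember the last pid
  probes = Hash.new { |h, k| h[k] = { hits: 0, ips: [] } }
  log_text.each_line do |line|
    pid = Regexp.last_match(1) if line =~ PREFIX
    if (m = STARTED.match(line))
      last_request[pid] = m.captures
    elsif (m = NO_ROUTE.match(line))
      verb, path = m.captures
      req = last_request[pid]
      # Attribute an IP only when the worker's last request is this same one.
      ip = req && req[0] == verb && req[1] == path ? req[2] : nil
      entry = probes["#{verb} #{path}"]
      entry[:hits] += 1
      entry[:ips] |= [ip] if ip
    end
  end
  probes
end

if __FILE__ == $PROGRAM_NAME
  # Paths are attacker-controlled: print them with inspect so control
  # characters cannot alter the terminal or forge extra report lines.
  routing_error_probes(SAMPLE_LOG).each do |key, e|
    puts "#{e[:hits]} hit(s) #{key.inspect} from #{e[:ips].join(', ')}"
  end
end
```

Pass `File.read` of the production log instead of `SAMPLE_LOG` to run it on real data; the successful request to `/` in the sample is ignored because no RoutingError follows it.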