2 months ago
On my localmachine, I have a golang server running on localhost.
How am I getting a bunch of random logs from someone trying to do a bunch of random get requests?
what is going on? am I compromised? Is there a golang library or module that has malicious code that I downloaded?
Someone is doing random get requests, but it doesn't make sense since this is my local machine.
the portnumber and ip address that my golang server is on
'http://127.0.0.1:8080/'
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 | 0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 | 0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv0 Replies
2 months ago
No…
2 months ago
Probably just your browser…
these guys also trying to do post request and upload a file, I think?
Any ideas what is going on?
2 months ago
You’re not exposing port 8080 lol
2 months ago
It could be
the ip address is not from local host
10.141.1.222
which is near Albany, New York.
idk how networking works. I think I should download wireshark to collect logs, the next time this happens.
2 months ago
definitely not a Railway issue but I'm intrigued
2 months ago
is your local network on the range of 10.141.1.*?
2 months ago
???
2 months ago
You’re binding to 127
2 months ago
Nobody can access that
local range is 10.141.1.*
I think that is the public static IP address that my organization owns.
2 months ago
wait you're in an organization? not your local home network?
2 months ago
that is a private IP
that is what I thought. But if a browser or my own application on my localmachine access mylocalhost, it should be 127.* and not 10.*
2 months ago
it's somebody within your org
2 months ago
that is a private IP
2 months ago
that's a local IP