on my localhost. working on golang. I think some guy is doing a scan of my localhost and I don't ...
mikexie360
PROOP

10 months ago

On my local machine, I have a golang server running on localhost.

How am I getting a bunch of random logs from someone trying to do a bunch of random get requests?

What is going on? Am I compromised? Is there a golang library or module that has malicious code that I downloaded?
Someone is doing random get requests, but it doesn't make sense since this is my local machine.

The port number and IP address that my golang server is on:
'http://127.0.0.1:8080/'

22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
$10 Bounty

22 Replies

mikexie360
PROOP

10 months ago

n/a


10 months ago

No…


10 months ago

Probably just your browser…


mikexie360
PROOP

10 months ago

These guys are also trying to do a POST request and upload a file, I think?

Any ideas what is going on?



10 months ago

You’re not exposing port 8080 lol


mikexie360
PROOP

10 months ago

sorry, would it be a browser extension?


10 months ago

It could be


mikexie360
PROOP

10 months ago

The IP address is not from localhost:
10.141.1.222
which is near Albany, New York.

idk how networking works. I think I should download Wireshark to collect logs the next time this happens.



10 months ago

definitely not a Railway issue but I'm intrigued


10 months ago

is your local network on the range of 10.141.1.*?


10 months ago

???


10 months ago

You’re binding to 127


10 months ago

Nobody can access that


mikexie360
PROOP

10 months ago

local range is 10.141.1.*

I think that is the public static IP address that my organization owns.


10 months ago

wait you're in an organization? not your local home network?


10 months ago

that is a private IP


mikexie360
PROOP

10 months ago

That is what I thought. But if a browser or my own application on my local machine accesses my localhost, it should be 127.* and not 10.*


10 months ago

it's somebody within your org



10 months ago

that is a private IP


10 months ago

that's a local IP
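
Added example (not part of the thread or any poster's code): a small Go program that reads access-log lines in the format pasted in the question, classifies each client address as loopback, private or public, and collects the paths each address requested. The names `Scope`, `PathsBySource` and `sampleLog` are made up for this example, and the loopback line in the sample is constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Sample input: three lines copied from the thread plus one constructed loopback request.
const sampleLog = `22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:48:01 | 200 |            0s | 127.0.0.1 | GET | / | -`

// Scope reports where a client address lives relative to this host.
func Scope(ip netip.Addr) string {
	switch {
	case ip.IsLoopback():
		return "loopback" // came from this machine
	case ip.IsPrivate(), ip.IsLinkLocalUnicast():
		return "private" // same LAN or site, not routable on the internet
	}
	return "public"
}

// PathsBySource maps each client address to the paths it requested and how often.
func PathsBySource(log string) map[netip.Addr]map[string]int {
	out := map[netip.Addr]map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Split(line, "|")
		if len(f) < 6 {
			continue // not a request line in this format
		}
		ip, err := netip.ParseAddr(strings.TrimSpace(f[3]))
		if err != nil {
			continue
		}
		if out[ip] == nil {
			out[ip] = map[string]int{}
		}
		out[ip][strings.TrimSpace(f[5])]++
	}
	return out
}

func main() {
	for ip, paths := range PathsBySource(sampleLog) {
		fmt.Printf("%-14s %-8s distinct paths: %d\n", ip, Scope(ip), len(paths))
	}
}
```

A source that is not loopback means the request arrived on a non-loopback interface, or the logged address was taken from a forwarded header, so the next thing to check is the listen address the server was actually started with.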


