
I'm running a Rails app on an Ubuntu 14.04 server. I've set up email error notifications. Basically, part of my code checks what the SERVER_NAME is, matches it to a record in the DB, and serves content depending on that. But my question is not really about the error, but rather the suspicious requests.

I'm getting several per hour, all from random remote IP addresses from around the world, but the SERVER_NAME is "localhost" instead of the set domain names which are set up to point to this Rails app. Any idea how these requests as localhost are coming through, and is it any cause for concern?

Thanks in advance!

uguMark

1 Answer

I have the same problem.

If your server/app is exposed to the internet, then these might be bots. Some of them are (referral) spam bots, some try to exploit your app, etc.

You can block referrers on Nginx (or any other server you use).

Kickstarter has a gem that deals with such requests: kickstarter/rack-attack

Also, keep your gems and Ruby version updated.

Tomasz Giba
  • Thanks @undercover_cop. Any idea how these requests can even show up as "localhost" under server_name? When developing the app locally that is what I see, but I have no idea how that's possible in production. – uguMark Mar 18 '17 at 06:14
  • [Here is an article that explains](https://stackoverflow.com/questions/11388223/can-serverserver-name-be-forged-faked) that SERVER_NAME could be faked. But really you have to investigate on your own to know the truth. – Tomasz Giba Mar 20 '17 at 14:25
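
A host allowlist for the situation discussed above, written as a plain Rack middleware; this is an added example, not code from the post or from rack-attack. The `HostAllowlist` class, the domains and the sample requests are constructed, and it assumes the app server fills `SERVER_NAME` from the client's `Host` header.

```ruby
require "set"

# Rack middleware that answers 400 for any request whose Host header (or,
# failing that, SERVER_NAME) is not one of the site's configured domains.
# HostAllowlist is a hypothetical name used for this example only.
class HostAllowlist
  def initialize(app, allowed_hosts:, logger: nil)
    @app = app
    @allowed = Set.new(allowed_hosts.map { |h| self.class.normalize(h) })
    @logger = logger
  end

  # Lowercase, drop the port and any trailing dot; keep IPv6 literals intact.
  def self.normalize(raw)
    host = raw.to_s.strip.downcase
    host = if host.start_with?("[")
             host[/\A\[[^\]]*\]/].to_s      # "[::1]:3000" -> "[::1]"
           else
             host.sub(/:\d+\z/, "")         # "example.com:443" -> "example.com"
           end
    host.chomp(".")
  end

  def call(env)
    # Assumption: both values come from what the client sent, not from DNS,
    # so any remote address can present "localhost" here.
    host = self.class.normalize(env["HTTP_HOST"] || env["SERVER_NAME"])
    return @app.call(env) if @allowed.include?(host)

    @logger&.warn("rejected host=#{host.inspect} remote=#{env['REMOTE_ADDR']}")
    [400, { "Content-Type" => "text/plain" }, ["Bad Request\n"]]
  end
end

# Constructed demo: a stand-in app and requests from a documentation-range IP.
DEMO_APP = ->(env) { [200, { "Content-Type" => "text/plain" }, ["site for #{env['HTTP_HOST']}"]] }

def demo_status(host_header)
  stack = HostAllowlist.new(DEMO_APP, allowed_hosts: %w[example.com www.example.com])
  env = { "HTTP_HOST" => host_header, "SERVER_NAME" => host_header.to_s,
          "REMOTE_ADDR" => "203.0.113.7" }
  stack.call(env).first
end

if __FILE__ == $PROGRAM_NAME
  puts demo_status("Example.com:443")  # configured domain, passes through
  puts demo_status("localhost")        # unconfigured host, rejected
end
```

Rails 6 and later include an equivalent check, `ActionDispatch::HostAuthorization`, configured through `config.hosts`.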