I have a Rails 4.2.6 app in production (also running Devise) with the Exception Notification gem installed. I am getting hundreds of ActionController::InvalidAuthenticityToken errors (example below), usually 2-3 per minute for several hours at a time. I don't pay much attention to the security side of Rails, but I suppose this is a bot attempting some form of CSRF attack.
It always comes from the same IP address (107.15.69.216), which appears to be located in Raleigh, North Carolina, USA.
Is it a bot?
And do I need to do anything, or are the errors just proof that Devise's CSRF attack protection is working?
An ActionController::InvalidAuthenticityToken occurred in registrations#create:
ActionController::InvalidAuthenticityToken
-------------------------------
Request:
-------------------------------
* URL : https://xxx.xxx.xxx.xxx/
* HTTP Method: POST
* IP address : 107.15.69.216
* Parameters : {"Q/Zcl9vJY8K1NPSRoHXnCQrZaPF8pu/uXVPyCfW8RnAQclIPvjOvpXqFLY TPUg9uBDmGWG5lMd8vzgSuGw79LAE d03xLFVtA/JUrX7cKmb3u Wrd7xS2LsMlSj2zAvtxmSPkGpoKR8e1p/XAQ exuiMte/fyXnLSrVjMfmzpNNxr7MSamyRHFVQan3LaxMJUq 02h4D1L4psFwbwl9k27W45G8FT9LaS2HG7g7y/rsxAon8ovLUgQNY2HcRMf7XlZxmxK20kDWfcLLn8DrpwY/bSW6mGsxAgD0CkapGj5LU7Smg5FvtR5qFn7q Ey9F0YdlMpE5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04"=>nil, "controller"=>"registrations", "action"=>"create"}
* Timestamp : 2017-01-12 14:00:54 UTC
* Server : sgp1-iml-01
* Rails root : /home/app-name-deploy/apps/app-name/releases/20161212034105
* Process: 11031
-------------------------------
Session:
-------------------------------
* session id: [FILTERED]
* data: {}
-------------------------------
Environment:
-------------------------------
* CONTENT_LENGTH : 420
* CONTENT_TYPE : application/x-www-form-urlencoded
* GATEWAY_INTERFACE : CGI/1.2
* HTTP_CACHE_CONTROL : no-cache
* HTTP_CONNECTION : close
* HTTP_HOST : xxx.xxx.xxx.xxx
* HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
* HTTP_VERSION : HTTP/1.0
* HTTP_X_FORWARDED_FOR : 107.15.69.216
* HTTP_X_FORWARDED_PROTO : https
* ORIGINAL_FULLPATH : /
* ORIGINAL_SCRIPT_NAME :
* PATH_INFO : /
* QUERY_STRING :
* REMOTE_ADDR : 127.0.0.1
* REQUEST_METHOD : POST
* REQUEST_PATH : /
* REQUEST_URI : /
* ROUTES_42047240_SCRIPT_NAME :
* SCRIPT_NAME :
* SERVER_NAME : xxx.xxx.xxx.xxx
* SERVER_PORT : 443
* SERVER_PROTOCOL : HTTP/1.1
* SERVER_SOFTWARE : puma 3.6.0 Sleepy Sunday Serenity
* action_controller.instance : #<RegistrationsController:0x00000006f6a0d0>
* action_dispatch.backtrace_cleaner : #<Rails::BacktraceCleaner:0x00000005458648>
* action_dispatch.cookies : #<ActionDispatch::Cookies::CookieJar:0x00000006f537b8>
* action_dispatch.cookies_digest :
* action_dispatch.cookies_serializer : json
* action_dispatch.encrypted_cookie_salt : encrypted cookie
* action_dispatch.encrypted_signed_cookie_salt : signed encrypted cookie
* action_dispatch.http_auth_salt : http authentication
* action_dispatch.key_generator : #<ActiveSupport::CachingKeyGenerator:0x00000006945560>
* action_dispatch.logger : #<ActiveSupport::Logger:0x00000006d22570>
* action_dispatch.parameter_filter : [:password]
* action_dispatch.redirect_filter : []
* action_dispatch.remote_ip : 107.15.69.216
* action_dispatch.request.content_type : application/x-www-form-urlencoded
* action_dispatch.request.formats : [#<Mime::Type:0x000000053404e0 @synonyms=["application/xhtml+xml"], @symbol=:html, @string="text/html", @hash=672552242721212245>]
* action_dispatch.request.parameters : {"Q/Zcl9vJY8K1NPSRoHXnCQrZaPF8pu/uXVPyCfW8RnAQclIPvjOvpXqFLY TPUg9uBDmGWG5lMd8vzgSuGw79LAE d03xLFVtA/JUrX7cKmb3u Wrd7xS2LsMlSj2zAvtxmSPkGpoKR8e1p/XAQ exuiMte/fyXnLSrVjMfmzpNNxr7MSamyRHFVQan3LaxMJUq 02h4D1L4psFwbwl9k27W45G8FT9LaS2HG7g7y/rsxAon8ovLUgQNY2HcRMf7XlZxmxK20kDWfcLLn8DrpwY/bSW6mGsxAgD0CkapGj5LU7Smg5FvtR5qFn7q Ey9F0YdlMpE5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04"=>nil, "controller"=>"registrations", "action"=>"create"}
* action_dispatch.request.path_parameters : {:controller=>"registrations", :action=>"create"}
* action_dispatch.request.query_parameters : {}
* action_dispatch.request.request_parameters : {"Q/Zcl9vJY8K1NPSRoHXnCQrZaPF8pu/uXVPyCfW8RnAQclIPvjOvpXqFLY TPUg9uBDmGWG5lMd8vzgSuGw79LAE d03xLFVtA/JUrX7cKmb3u Wrd7xS2LsMlSj2zAvtxmSPkGpoKR8e1p/XAQ exuiMte/fyXnLSrVjMfmzpNNxr7MSamyRHFVQan3LaxMJUq 02h4D1L4psFwbwl9k27W45G8FT9LaS2HG7g7y/rsxAon8ovLUgQNY2HcRMf7XlZxmxK20kDWfcLLn8DrpwY/bSW6mGsxAgD0CkapGj5LU7Smg5FvtR5qFn7q Ey9F0YdlMpE5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04"=>nil}
* action_dispatch.request.unsigned_session_cookie: {}
* action_dispatch.request_id : b8c1d2ef-0272-4e58-928d-8d02e8c5ad28
* action_dispatch.routes : #<ActionDispatch::Routing::RouteSet:0x00000005032e10>
* action_dispatch.secret_key_base : 72399ae7d71631b9bf5c19fe5e63e6e6c7163f37cdf8d1bb853cb77b53b6de0d20ce168a0e4a6fc87fadeb09b122a30d09ff9103f2f05a6bd5660c4c00f57392
* action_dispatch.secret_token :
* action_dispatch.show_detailed_exceptions : false
* action_dispatch.show_exceptions : true
* action_dispatch.signed_cookie_salt : signed cookie
* devise.mapping : #<Devise::Mapping:0x00000006939c60>
* puma.config : #<Puma::Configuration:0x00000002f1e940>
* puma.socket : #<UNIXSocket:0x00000006f768a8>
* rack.after_reply : []
* rack.errors : #<File:0x0000000230dac0>
* rack.hijack : #<Puma::Client:0x00000006f76880>
* rack.hijack? : true
* rack.input : #<StringIO:0x00000006f762b8>
* rack.multiprocess : false
* rack.multithread : true
* rack.request.cookie_hash : {}
* rack.request.form_hash : {"Q/Zcl9vJY8K1NPSRoHXnCQrZaPF8pu/uXVPyCfW8RnAQclIPvjOvpXqFLY TPUg9uBDmGWG5lMd8vzgSuGw79LAE d03xLFVtA/JUrX7cKmb3u Wrd7xS2LsMlSj2zAvtxmSPkGpoKR8e1p/XAQ exuiMte/fyXnLSrVjMfmzpNNxr7MSamyRHFVQan3LaxMJUq 02h4D1L4psFwbwl9k27W45G8FT9LaS2HG7g7y/rsxAon8ovLUgQNY2HcRMf7XlZxmxK20kDWfcLLn8DrpwY/bSW6mGsxAgD0CkapGj5LU7Smg5FvtR5qFn7q Ey9F0YdlMpE5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04"=>nil}
* rack.request.form_input : #<StringIO:0x00000006f762b8>
* rack.request.form_vars : [FILTERED]
* rack.request.query_hash : {}
* rack.request.query_string :
* rack.run_once : false
* rack.session : #<ActionDispatch::Request::Session:0x00000006f6bea8>
* rack.session.options : #<ActionDispatch::Request::Session::Options:0x00000006f6be08>
* rack.url_scheme : http
* rack.version : [1, 3]
* warden : Warden::Proxy:58416640 @config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x00000007b40dc8>}
Thanks.
Answer 0: (score: 2)
Yes. It is a bot. It is trying to get through your Devise registration form. Just in case, check whether your main layout includes this code: <%= csrf_meta_tags %>. It may have been accidentally removed when the layout was rewritten.
Here is the information about the IP address attacking you: http://pastebin.com/c1Zb5tcP
You can try to cut off the spammer using the rack-attack gem. After installing it, there is a simple configuration to get started.
There is another solution: create a rule in the INPUT chain in iptables and block traffic from the IP address you gave, in case you have access to your server:
iptables -I INPUT -s 107.15.69.216 -j DROP
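As an added example of the rack-attack idea from the answer (this is not the answer's code and not rack-attack's own API), here is a self-contained Rack middleware that blocklists an IP and rate-limits registration POSTs per client IP. It assumes the limit (5 POSTs per 60 seconds), the protected paths, and that X-Forwarded-For is set by your own reverse proxy, since the report shows REMOTE_ADDR as 127.0.0.1 and the real client only in HTTP_X_FORWARDED_FOR.

```ruby
# Added example: blocklist + sliding-window throttle for registration POSTs,
# the same idea as a rack-attack blocklist/throttle, without the gem.
# Assumed values: Devise's default "/users" plus "/" (where registrations#create
# was POSTed to in the report), 5 POSTs per IP per 60-second window.
class RegistrationThrottle
  PROTECTED_PATHS = ['/users', '/'].freeze
  LIMIT  = 5    # POSTs allowed per window
  WINDOW = 60   # seconds

  # clock is injectable so the sliding window can be tested deterministically
  def initialize(app, blocklist: [], clock: -> { Time.now.to_f })
    @app = app
    @blocklist = blocklist
    @clock = clock
    @hits = Hash.new { |h, k| h[k] = [] }   # ip => [timestamps of recent POSTs]
  end

  # Behind a reverse proxy REMOTE_ADDR is the proxy (127.0.0.1 in the report),
  # so take the first X-Forwarded-For entry. Only trust that header when your
  # own proxy sets it; a direct client could otherwise forge it.
  def client_ip(env)
    xff = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
    xff.first || env['REMOTE_ADDR']
  end

  def call(env)
    ip = client_ip(env)
    return [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] if @blocklist.include?(ip)

    if env['REQUEST_METHOD'] == 'POST' && PROTECTED_PATHS.include?(env['PATH_INFO'])
      now = @clock.call
      stamps = @hits[ip]
      stamps.reject! { |t| t <= now - WINDOW }   # drop hits outside the sliding window
      stamps << now
      if stamps.size > LIMIT
        headers = { 'Content-Type' => 'text/plain', 'Retry-After' => WINDOW.to_s }
        return [429, headers, ["Too Many Requests\n"]]
      end
    end
    @app.call(env)
  end
end
```

In a Rails app this would be inserted with `config.middleware.use RegistrationThrottle, blocklist: [...]`; the in-memory store is per process, so with several Puma workers each keeps its own counts.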