Self-hosting allows me to have complete control over my data and not rely on any external platforms. However, it also exposes me to a flood of malicious traffic from the dangerous internet. To gain insights into these attacks, I examined my access logs and found that the most common attacks were directory traversal attacks, particularly in search of credentials like .env files. Attackers were also looking for common files containing AWS credentials, Git repositories, and other exposed directories. It was interesting to note that the attackers often used the misspelled user agent “Mozlila/5.0.” Another type of attack I observed was exploiting the Shellshock vulnerability through CGI scripts, allowing the execution of arbitrary commands. These attacks targeted common directories and paths in search of vulnerable endpoints. Finally, there was an instance of LuCI injection, where an attacker attempted to execute a command by manipulating a URL.
Important points to note:
– Self-hosting provides freedom and ownership of data, but exposes one to malicious traffic.
– Most common attacks: directory traversal and Shellshock vulnerability exploitation.
– Attackers search for credentials, AWS files, Git repositories, and exposed directories.
– Misspelled user agent “Mozlila/5.0” is
https://nishtahir.com/i-looked-through-attacks-in-my-access-logs-heres-what-i-found/