Server crash caused by Censys probe
Kotahidev went down some time after 27/Feb/2023:23:15:39 +0000, apparently in response to a Censys security probe. These are the logs:
server_1 | info: ::ffff:172.18.0.1 - - [27/Feb/2023:23:15:38 +0000] "GET / HTTP/1.1" 200 223 "-" "-"
server_1 |
server_1 | info: ::ffff:172.18.0.1 - - [27/Feb/2023:23:15:38 +0000] "GET / HTTP/1.1" 200 223 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
server_1 |
server_1 | info: ::ffff:172.18.0.1 - - [27/Feb/2023:23:15:39 +0000] "GET /favicon.ico HTTP/1.1" 200 223 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
server_1 |
server_1 | events.js:291
server_1 | throw er; // Unhandled 'error' event
server_1 | ^
server_1 |
server_1 | error: terminating connection due to administrator command
server_1 | at Parser.parseErrorMessage (/home/node/app/node_modules/pg-protocol/dist/parser.js:278:15)
server_1 | at Parser.handlePacket (/home/node/app/node_modules/pg-protocol/dist/parser.js:126:29)
server_1 | at Parser.parse (/home/node/app/node_modules/pg-protocol/dist/parser.js:39:38)
server_1 | at Socket.<anonymous> (/home/node/app/node_modules/pg-protocol/dist/index.js:10:42)
server_1 | at Socket.emit (events.js:314:20)
server_1 | at Socket.EventEmitter.emit (domain.js:483:12)
server_1 | at addChunk (_stream_readable.js:297:12)
server_1 | at readableAddChunk (_stream_readable.js:272:9)
server_1 | at Socket.Readable.push (_stream_readable.js:213:10)
server_1 | at TCP.onStreamRead (internal/stream_base_commons.js:188:23)
server_1 | Emitted 'error' event on Client instance at:
server_1 | at Client._handleErrorEvent (/home/node/app/node_modules/pg/lib/client.js:310:10)
server_1 | at Client._handleErrorMessage (/home/node/app/node_modules/pg/lib/client.js:321:12)
server_1 | at Connection.emit (events.js:314:20)
server_1 | at Connection.EventEmitter.emit (domain.js:483:12)
server_1 | at /home/node/app/node_modules/pg/lib/connection.js:109:12
server_1 | at Parser.parse (/home/node/app/node_modules/pg-protocol/dist/parser.js:40:17)
server_1 | at Socket.<anonymous> (/home/node/app/node_modules/pg-protocol/dist/index.js:10:42)
server_1 | [... lines matching original stack trace ...]
server_1 | at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
server_1 | length: 116,
server_1 | severity: 'FATAL',
server_1 | code: '57P01',
server_1 | detail: undefined,
server_1 | hint: undefined,
server_1 | position: undefined,
server_1 | internalPosition: undefined,
server_1 | internalQuery: undefined,
server_1 | where: undefined,
server_1 | schema: undefined,
server_1 | table: undefined,
server_1 | column: undefined,
server_1 | dataType: undefined,
server_1 | constraint: undefined,
server_1 | file: 'postgres.c',
server_1 | line: '3029',
server_1 | routine: 'ProcessInterrupts'
server_1 | }
According to https://about.censys.io/, "We make a small number of harmless connection attempts to every IPv4 address worldwide each day. [We complete] protocol handshakes to learn more about the running services. [...] We never attempt to bypass any technical barriers, exploit security problems, or otherwise access non-public-facing services, and we follow community best practices to reduce any burden on remote networks. The only data we receive is information that is publicly visible to anyone who connects to a particular address and port."
It looks as though the request immediately preceding the crash was for favicon.ico, but nothing crashes when I try requesting that. It could have been another request that crashed before it was logged; the list of data they collect looks extensive. They provide instructions for deny-listing them if we wish, but I'd prefer to understand why the crash occurred and fix it, as presumably it was a standard, valid request.
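
The trace above records Node's behaviour when an `'error'` event is emitted on an emitter that has no `'error'` listener: the error is thrown and the process exits. The following is an added example, not part of the original report or the project's code; `StubClient`, `handleBackendError` and the reconnect policy are constructed stand-ins for the `pg` client, with the `57P01` values copied from the log.

```javascript
const { EventEmitter } = require('events');

// Constructed stand-in for a pg Client: an EventEmitter that forwards a
// backend FATAL message as an 'error' event, as in the trace above.
class StubClient extends EventEmitter {
  receiveBackendFatal() {
    const err = new Error('terminating connection due to administrator command');
    Object.assign(err, { severity: 'FATAL', code: '57P01' }); // values from the log
    this.emit('error', err);
  }
}

// Hypothetical policy: SQLSTATE class 57 (operator intervention) means the
// backend ended the session, so drop this client and reconnect.
function handleBackendError(err) {
  const action = String(err.code).startsWith('57') ? 'reconnect' : 'log-only';
  return { code: err.code, action };
}

// No 'error' listener: emit() throws the error. Here a try/catch contains it;
// in a socket callback there is no caller to catch it, so the process dies.
function emitWithoutListener() {
  const client = new StubClient();
  try {
    client.receiveBackendFatal();
    return 'no throw';
  } catch (err) {
    return `thrown ${err.code}`;
  }
}

// With a listener, the same event goes to the handler and emit() returns.
function emitWithListener() {
  const client = new StubClient();
  const handled = [];
  client.on('error', (err) => handled.push(handleBackendError(err)));
  client.receiveBackendFatal();
  return handled;
}

console.log(emitWithoutListener());
console.log(emitWithListener());
```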