Reputation: 25554
Django - Hacking attempt, [Django] ERROR: Invalid HTTP_HOST header
I need some help. I think someone is trying to hack my Django website. I'm receiving messages like this:
[Django] ERROR: Invalid HTTP_HOST header: u'127.0.0.1:8000'.You may need to add u'127.0.0.1' to ALLOWED_HOSTS.
[Django] ERROR: Invalid HTTP_HOST header: 'lixxx-xxx.members.linode.com'.You may need to add u'lixxx-xxx.members.linode.com' to ALLOWED_HOSTS.
The host lixxx-xxx.members.linode.com is online and when I access this host with my browser(http://lixxx-xxx.members.linode.com), I get immediately the "[Django] ERROR: Invalid HTTP_HOST header" in my email. The host "lixxx-xxx.members.linode.com" is not mine, so someone setup this host to make requests to my website.
Questions... What kind of attack are trying against me? How to protect from this?
Upvotes: 1
Views: 1363
Answers (1)
Reputation: 11
I've noticed the same on my Wordpress websites from members.linode.com, probably from a free/trial account. They are searching authors IDs (www.domain.com/?author=#, where # = 2 to 5), then the author Display name is used to try login attacks to gain access. I've since made sure my Display name and login name are different. My security plugin (WordFence) is blocking their IPs automatically, then I am adding the entire IP range to be blocked. So far this is:
173.230.128.0 - 173.230.159.255
192.155.80.0 - 192.155.95.255
Upvotes: 1
Related Questions
- How to fix Django error: DisallowedHost at / Invalid HTTP_HOST header: ... You may need to add ... to ALLOWED_HOSTS
- Django's SuspiciousOperation Invalid HTTP_HOST header
- How to resolve SuspiciousOperation: Invalid HTTP_HOST header error?
- Django Invalid http_host
- Invalid HTTP_HOST header in Django 1.6.2
- Django Allowed_Hosts Error.
- HTTP_HOST error with Django
- Why is Django sending me Invalid HTTP_HOST header with my server IP?
- Mis-setting django's ALLOWED_HOSTS setting does not give understandable errors
- Django getting lots of SuspiciousOperation: Invalid HTTP_HOST header