B4J Question jetty server: how "safe" is a running server?

fransvlaarhoven

Active Member
Licensed User
Longtime User
Hello,

first I must say I have little or no experience with servers....

- i added a handler for /upload
- i added handler for websockets /push
- server listens for https-connections on port 8889
- clients are mainly B4A-apps

The server is doing what it is supposed to do, works stable, no problems. In the logfile of the server i can see this as:

80.101.7.236 - - [17/apr/2018:00:14:55 +0000] "POST /upload?type=srv HTTP/1.1" 200 1928 "-" "okhttp/3.5.0"

80.101.7.236 - - [17/apr/2018:08:09:32 +0000] "GET /push HTTP/1.1" 101 0 "-" "-"


However, in the logfiles of the server I also can see things like:

122.228.208.113 - - [17/apr/2018:00:13:29 +0000] "CONNECT www.server110.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:30 +0000] "CONNECT www.server110.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:30 +0000] "CONNECT www.server110.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:31 +0000] "CONNECT www.server110.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:32 +0000] "CONNECT www.linode.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:32 +0000] "CONNECT www.linode.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:33 +0000] "CONNECT www.linode.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:33 +0000] "CONNECT www.linode.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:34 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:34 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:35 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
122.228.208.113 - - [17/apr/2018:00:13:36 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"

196.52.43.61 - - [17/apr/2018:11:23:39 +0000] "GET / HTTP/1.0" 404 315 "-" "Mozilla/5.0(WindowsNT6.1;rv:31.0)Gecko/20100101Firefox/31.0"

91.185.201.71 - - [17/apr/2018:20:44:09 +0000] "GET / HTTP/1.1" 404 315 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
91.185.201.71 - - [17/apr/2018:20:44:10 +0000] "GET /HNAP1/ HTTP/1.1" 404 321 "http://80.101.7.236:8888/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

Now my questions are:

- What is the server doing with requests that are not handled with with the added "handlers"
- Should I log more and look in the logfiles for checking if the server is not "misused"
- Can this server be "misused" for other purposes by those who scan the interrnet.
- Those who scan the internet can see Powered by Jetty:// 9.4.z-SNAPSHOT. Should I switch this information off and, if so, how?


Again, I've little or no experience with servers but any information would be more then welcome....
 
Last edited:

Erel

B4X founder
Staff member
Licensed User
Longtime User
What is the server doing with requests that are not handled with with the added "handlers"
You can see that the response code in these logs is 404 => page not found.

Jetty by itself is secure. Assuming that your handlers are not doing anything "dangerous" then it should be fine.
 
Upvote 0
Top