B4J Question [SOLVED] CloudKVS_Server and security

[lemonisdead]

Hello,
After having let the server run as a test drive for some days, I have noticed "strange" entries in the logs. They appear some days after the server had been launched (hackers are really good to sniff internet trafic).

They are some like

61.160.213.56 - - [20/Feb/2016:15:44:41 +0000] "GET http://zc.qq.com/cgi-bin/chs/numreg/init? HTTP/1.0" 404 338 "-" "-"
61.160.213.247 - - [21/Feb/2016:12:24:24 +0000] "GET http://zc.qq.com/cgi-bin/chs/numreg/init? HTTP/1.0" 404 338 "-" "-"
115.231.222.14 - - [01/Mar/2016:07:22:51 +0000] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3032006229694173 HTTP/1.1" 404 334 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"

And so on...

I am thinking about filtering requests by inserting a new class to reply to GET and POST requests on the same port by sending a null. Do you think it could be enough or should I filter requests with the firewall ? Perhaps could I allow some trafic by adding a dedicated header ?

 

[Erel]

What are these links? Is zz.qq.com your domain?

 

[lemonisdead]

Nope : they appear in the logs in place of regular requests

A regular good request is listed like this :

[IP] - - [01/Mar/2016:00:52:39 +0000] "POST https://s1.ws.fr:51049/action HTTP/1.1" 200 11 "-" "okhttp/2.4.0"

Edit: perhaps should I only reply when we have an error 404. Studying the solution

 

[Erel]

These requests do not look harmful. The server returned a 404 status code because there are no such pages.
A server opened to the internet receives all kinds of strange requests.

 

[b4auser1]

Which kind of authentication is used ?
Usernames + passwords ?
filtering IP addresses of clients ?
...

 

[lemonisdead]

Which kind of authentication is used ?

I have made no authentication, just started the CloudKVS server as Erel published it. It was only a test drive. And you are right, I could put one in place.