
An IP from ColoCrossing (23.95.191.195) which was trying to exploit a vulnerability found in Gpon routers.

Posted on June 25, 2021

Gpon has a vulnerability that can give unauthorized access to an attacker if they simply append ?images/ to the URL. I have blocked access to my application for any local IP access. I received an email for the same from my server reporting a try of this suspicious action. If DigitalOcean uses Gpon, I need to block this and others inside my Nginx server.

Is this something I should be worried about?




Heya,

When you receive an email alert about suspicious activity on your server, it’s important to take it seriously. This could be a sign of a potential vulnerability in your application, and you need to investigate and address the issue promptly.

Here are some steps to follow:

  1. Verify the report. Make sure the email is legitimate and not a phishing attempt.

  2. Investigate the incident. Analyze your logs and other available information to understand what happened. Determine whether it was a legitimate attempt to exploit a vulnerability.

  3. Remediate the vulnerability. If you find a vulnerability, work on fixing it as soon as possible. This might involve changing your code or configurations.

  4. Review your Nginx configuration. Make sure it’s configured correctly and that you have appropriate measures in place to block unauthorized access.

  5. Enhance your overall security posture. Consider implementing additional security measures such as a web application firewall (WAF), intrusion detection system (IDS), and regular security audits.

  6. Keep your software up to date. Regularly update your server’s operating system, web server, and application software. This will help reduce the risk of known vulnerabilities being exploited.

  7. Implement monitoring and alerting. Set up systems to notify you of any suspicious activity or potential security breaches in real time.

I know that receiving an email alert about suspicious activity on your server can be worrying. But by following these steps, you can take proactive steps to protect your server and application from attack.

Hope that this helps!
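
For step 2 of the answer above (analyzing the logs), here is a minimal sketch, added as an example and not part of the original answer, that scans Nginx access-log lines for requests carrying the `?images/` suffix described in the question. It assumes the default `combined` log format; the function names, paths and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Nginx "combined" format: ip - user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; only the address 23.95.191.195 comes from the question.
SAMPLE_LOG = [
    '23.95.191.195 - - [25/Jun/2021:04:12:07 +0000] "POST /index.html?images/ HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [25/Jun/2021:04:13:10 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [25/Jun/2021:04:15:44 +0000] "GET /login?images/ HTTP/1.1" 200 612 "-" "curl/7.68.0"',
    '192.0.2.50 - - [25/Jun/2021:04:15:59 +0000] "GET /status%3Fimages%2F HTTP/1.1" 404 162 "-" "-"',
    '203.0.113.7 - - [25/Jun/2021:04:16:02 +0000] "GET /search?q=images HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def is_images_probe(target):
    """True if the request target carries the '?images/' suffix."""
    # Decode twice so %3Fimages%2F and double-encoded forms are caught too.
    decoded = unquote(unquote(target)).lower()
    return "?images/" in decoded

def find_probes(lines):
    """Map each client IP to its matching (time, method, target, status) requests."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_images_probe(m["target"]):
            hits.setdefault(m["ip"], []).append(
                (m["time"], m["method"], m["target"], int(m["status"])))
    return hits

def served_probes(hits):
    """Keep only probes answered with 2xx: the server returned content for them."""
    served = {}
    for ip, reqs in hits.items():
        ok = [r for r in reqs if 200 <= r[3] < 300]
        if ok:
            served[ip] = ok
    return served

if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for ip, reqs in hits.items():
        print(ip, len(reqs), "probe(s)")
    for ip, reqs in served_probes(hits).items():
        print("REVIEW:", ip, [r[2] for r in reqs])
```

A 2xx response to such a request is not proof of compromise, since many applications simply ignore unknown query strings; it marks the requests to check first.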
