mirror of
https://github.com/healthchecks/healthchecks.git
synced 2026-04-25 06:55:53 +03:00
[GH-ISSUE #701] Healthcheck sent on new creation? #502
Labels
No labels
bug
bug
bug
feature
good-first-issue
new integration
pull-request
question
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/healthchecks#502
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @DarrenPIngram on GitHub (Sep 1, 2022).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/701
Self-hosted instance, latest version via Docker.
I just set up a brand new HC alert/monitor. Went to document it and when I came back a few minutes later to close the tab, I saw there had been traffic immediately from IPs I do not recognise.
I accept people may randomly scan URLs, but the chances of this happening to a quiet HC instance on a sub-domain, guessing the "right" URL and within minutes of creation?
Is there by chance some "auto health check" made by yourselves, even with self-hosted instances, that I am not aware of (or missed in any documentation)?
The stranger thing (looking at other entries) is that this does not happen all of the time.
1x
52.89.103.*** Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/600.3.18 (KHTML, like Gecko) Version/8.0.3 Safari/600.3.18
2x
34.217.253.*** Mozilla/5.0 (compatible; DashLinkPreviews/5.1;)
1x
34.217.253*** Mozilla/5.0 (Macintosh; I
@phaer commented on GitHub (Sep 1, 2022):
Browser often check links for either "safe-browsing" and/or local preview rendering, a user agent such as
DashLinkPreviewsdoes sound like the latter, no?I think it's best to assume that any HTTP endpoint not requiring authentication will be hit by random traffic sooner or later, in a mostly unpredictable matter.
@cuu508 commented on GitHub (Sep 1, 2022):
No, there isn't, at least not in the code in this repository, or the official Docker images.
My guess: one or more tools you are using is automatically scanning all URLs it sees for malware and/or to generate link preview images.
@cuu508 commented on GitHub (Sep 1, 2022):
PS. In the past people have reported spurious pings when pasting ping URLs in Slack channel. To work around this, you can configure the check to require HTTP POST instead of HTTP GET requests. The scanners don't seem to go as far as to make HTTP POST requests :-)
@DarrenPIngram commented on GitHub (Sep 1, 2022):
Thank you for the very prompt response, information and solution which we
will apply.
It is strange as the web was only used for setting up the monitor and I
fired the script via a command line. I get that stuff is scanned but it
seemed very coincidental to happen so quickly!
Anyway, we will go forward with your suggestion.
May I just ask a final question rather than opening a new ticket?
On your hosted service the /log endpoint exists in a URL. It does not seem
to be on my self-hosted instance. I see nothing in the docs to suggest I
need to set it up. Should it be there, or is that a unique feature to your
hosted version?
On Thu, 1 Sept 2022 at 11:06, Paul Haerle @.***> wrote:
@cuu508 commented on GitHub (Sep 1, 2022):
The
/logendpoint was implemented in Healthchecks v2.3 – perhaps you are running an older version?@DarrenPIngram commented on GitHub (Sep 1, 2022):
Ah, 2.2.1... need to make a new image. Thank you!
On Thu, 1 Sept 2022 at 11:48, Pēteris Caune @.***>
wrote: