Couchbase logs say 'Invalid post received'


#1

Hi,

We have been getting the below error in the logs:

Invalid post received: {mochiweb_request,
[#Port<0.51521607>,'POST',
"/lcds/messagebroker/http",
{1,1},
{9,
{"host",
{'Host',"<System IP>:8091"},
{"accept-charset",
{'Accept-Charset',
"iso-8859-1,utf-8;q=0.9,*;q=0.1"},
{"accept",
{'Accept',
"image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*"},
nil,nil},
{"accept-language",
{'Accept-Language',"en"},
nil,
{"content-type",
{'Content-Type',"application/x-amf"},
{"connection",
{'Connection',"Close"},
nil,
{"content-length",
{'Content-Length',"858"},
nil,nil}},
nil}}},
{"user-agent",
{'User-Agent',
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"},
{"pragma",{'Pragma',"no-cache"},nil,nil},
nil}}}]}

Can anyone tell me what these errors mean and are there any effect of these errors on the system?
These errors are quite regular.

This is on the version: 3.0.1 Community Edition (build-1444)

Regards,
Rajeev.


#2

Hello @rajeev.dalavi,

This log message is saying that a client tried to access a REST endpoint (/lcds/messagebroker/http) that does not exists. Looking at the endpoint that is being accessed and the payload, it could either be a security scanner or something more malicious. The exploits being test for looks to be Adobe - XML Injection File Content Disclosure this will have no affect on Couchbase Server.

The log will have the IP/hostname of the client trying to access endpoints that do not exists.

We recommend that security scanners are not ran against a production system and that Couchbase Server is deployed behind a firewall. See security best practices for more information.

This is on the version: 3.0.1 Community Edition (build-1444)

This version of Couchbase Server went end of life in April 2016 and I would strongly recommend upgrading to a new version.