Log attempts to access passwords

2026-01-13 15:56:16 +00:00 · 2026-01-13 15:56:16 +00:00 · 4f528fd352
parent 41e5a9d098
commit 4f528fd352
2 changed files with 8 additions and 1 deletions
--- a/daemon_get.py
+++ b/daemon_get.py
@ -6103,6 +6103,13 @@ def daemon_http_get(self) -> None:
    # check that the file exists
    filename = self.server.base_dir + self.path

+    if filename == data_dir(self.server.base_dir) + '/passwords':
+        print('WARN: attempt to access passwords ' +
+              str(self.headers).replace('\n', ' '))
+        http_404(self, 143)
+        self.server.getreq_busy = False
+        return
+
    # check that the file is not suspended
    if filename.endswith('.suspended'):
        http_404(self, 145)
--- a/scripts/invalid
+++ b/scripts/invalid
@ -1,2 +1,2 @@
 #!/bin/bash
-journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path\|not wordpress"
+journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path\|not wordpress\|attempt to access passwords\|GET Unknown request"