Interpretation of console output


System + setup

I am running a Jupyter notebook on a virtual private server (VPS) Ubuntu 18.04.

The dockerfile is Jupyter Notebook Deep Learning Stack.

The OS version:

cat /proc/version
Linux version 4.15.0-62-generic (buildd@lcy01-amd64-024) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #69-Ubuntu SMP Wed Sep 4 20:55:53 UTC 2019

I am not an expert in Linux (although I like it), or networking, so I have tried to take reasonable security precautions:

  1. I connect to my VPS through SSH on port 22. It uses public/private encryption key, rather than a password.
  2. I start the notebook dockerfile in a terminal from SSH, which generates an encryption key, rather than a password (which is a different key each time the command is run).
  3. I access the notebook through the web, through port 8888. This is over HTTP rather than HTTPS (should I worry about this?).

The issue

When I leave the notebook running, I get lots of attempted connections in the terminal log, none of which are from me:

[W 23:45:14.145 NotebookApp] 405 CONNECT ( 2.09ms referer=None
[I 02:28:27.195 NotebookApp] 302 GET / ( 1.31ms
[I 03:18:18.132 NotebookApp] 302 GET / ( 1.67ms
[W 03:45:37.157 NotebookApp] 403 POST ( '_xsrf' argument missing from POST
[W 03:45:37.158 NotebookApp] 403 POST ( 1.82ms referer=
[I 03:45:37.159 NotebookApp] Malformed HTTP message from Malformed HTTP request line
[W 03:45:42.330 NotebookApp] 405 CONNECT ( 2.28ms referer=None
[I 06:29:38.905 NotebookApp] 302 GET / ( 0.85ms
[I 06:44:54.086 NotebookApp] 302 GET / ( 0.95ms
[I 06:44:54.802 NotebookApp] 302 GET /tree ( 1.45ms
[W 07:39:24.302 NotebookApp] 403 POST ( '_xsrf' argument missing from POST
[W 07:39:24.305 NotebookApp] 403 POST ( 4.45ms referer=
[I 07:39:24.306 NotebookApp] Malformed HTTP message from Malformed HTTP request line
[W 07:39:29.102 NotebookApp] 405 CONNECT ( 1.42ms referer=None

I looked at the Jupyter notebook documentation and searched the web to interpret these logs.

Request ports and methods

GET, POST and CONNECT appear to be HTTP request methods. The requests either state port 80 or no port.

I have run from another device: sudo nmap -sT -p- <my.vps.ip.address>.

Which informs me that the only open ports are the desired ones (22 SSH, 8787 rstudio, 8888 jupyter).

Request result

The three digit codes look like HTTP status codes (e.g. 403). I searched the Jupyter documentation for each code, and it only seems to explicitly refer to 403:

“By default, requests get a 403 forbidden response if the ‘Host’ header shows that the browser thinks it’s on a non-local domain. Setting this option to True disables this check.”

Codes 405 and 302 are not mentioned, although in general as HTTP codes they appear to refer to “Method not allowed” and “Moved temporarily”, respectively.

My interpretation of all this

So, after all this, I am inclined to interpret the results as:

  1. A random internet port scanner found port an open port.
  2. A number of connection attempts were made.
  3. These attempts were unsuccessful. There is nothing to worry about and no need to change any security settings.

Would this be a reasonable interpretation of these logs?

Hi -

My question asking has not gone as successfully as I hoped.

I tried to solve the problem on my own before bringing it here - hopefully that’s clear?

I’d have loved to answer a question on the forum before posing one, but I am pretty new to Jupyter and Python so I’m not sure the extent to which I’d be able to do that.

Should I have said more about myself, as I’m new to this forum? That is not my strong suit really but I can try. I am a self-taught social scientist R user who is trying to expand their horizons. This means I have quite detailed knowledge of some areas (I’m decent-ish at making Shiny apps), but unforgivable ignorance about basic computer science areas like networking and Linux administration. Hence my asking what I think is quite a basic question.

I do hope someone can chime in - or at least direct me to where I might be able to find out the answer?