Score:0

What is the purpose of /server.txt

cn flag

One of my clients suddenly started seeing ~40k requests a day for "/server.txt" to their webserver that result in an HTTP 404. This is expected behavior as the file doesn't exist and isn't part of the website. However, it appears at the top of the Application Insights Failures tab - which bothers them:

graph depicting 39.56k requests for server.txt

My question is: What is the purpose of "server.txt"?

  • Is it a file like "robots.txt" that we should include on the website?
  • Is there any reason we shouldn't make a 0 byte file called server.txt to resolve the 404s?

It could be due to the name of the file being so generic, but I couldn't find any definitive information on the web about it. Hoping someone here can share some insight. Thank you.

diya avatar
la flag
AFAIK there is no generic `server.txt` purpose. You may want to look at the source IP of the requests and check if it is for example your load balancer making http requests for that file (to determine the health of your node) - Otherwise a zero byte file or a specific rule triggering a particular response might be suitable to prevent the 404 responses
Patrick Jones avatar
cn flag
Thanks @diya - we will do some investigation on the source IP of the requests as a next step.
Score:1
ng flag

As mentioned by Diya, you will want to check where these requests are coming from. If they come from the same IP's as legitimate users then it may be something in the applicaiton or similar that is looking for this file. If the traffic is coming from locations that don't corrolate to customers then it may be an indicator of a more malicious process scanning the server to find vulnerabilities.

This is a fairly common occuruance, and generally these sort of requests are attempting to find servers running vulnerable applications or web servers. I'm not sure what specifically server.txt relates to, but I would imagine it is a file which when exposed indicates the presence of something that may be vulnerable.

You could create a 0 byte file with this name, however this would then return a 200 response to the requests, which if it is something malicious looking for something to attack, may point further attention in your direction.

Patrick Jones avatar
cn flag
Thanks @sam - we will do some investigation on the source IP of the requests as a next step.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.