api/auth/session on vercel
Answered
Lakeland Terrier posted this in #help-forum
Lakeland TerrierOP
I am getting more traffic on the route api/auth/session than the rest of this little webpage combined. I dont have auth setup on this website, is this vercel's built in session tracking? Or is this some rouge entity attempting to access api/auth/session?
Answered by Asian black bear
Chances are high it's somebody poking for vulnerabilities since apps hosted on Vercel often use Auth.js which uses this route and they attempt to breach badly configured apps.
4 Replies
Asian black bear
Chances are high it's somebody poking for vulnerabilities since apps hosted on Vercel often use Auth.js which uses this route and they attempt to breach badly configured apps.
Answer
@Asian black bear Chances are high it's somebody poking for vulnerabilities since apps hosted on Vercel often use Auth.js which uses this route and they attempt to breach badly configured apps.
Lakeland TerrierOP
That is what I assumed. I have a web3form on the page and I bet some bot trolling around saw it. Where in logs should I be looking to see where this traffic is coming from?
And is there a way I can just block any attempts to do anything with this route?
And if I was using Auth.js, how would I differentiate this malicious traffic from my normal traffic? I only noticed this is out of place because I do not have it on this project