Node.js http server host
My node server is publicly accessible using the IP, I thought by default node were only listening for connection coming from the same machine.
According to Node.js documentation when the server is not listening to any specific host, it will accept connection from :: if IPv6 is available otherwise 0.0.0.0.
If host is omitted, the server will accept connections on the unspecified IPv6 address (::) when IPv6 is available, or the unspecified IPv4 address (0.0.0.0) otherwise.
Source: Node.js Net
Another option for this is to reject connection to that port from outside using a firewall, such as IPTables.
The changes are available on github that makes the server only accept connection from localhost.
All changes pushed, the site is not longer publicly available through the IP.