Email or username:

Password:

Forgot your password?
All posts Eugen's posts Post Back to profile
Top-level
Eugen Rochko

@msh Can I see this fake 404 page? Might be able to understand better what produces it

30 Dec 2020 at 6:57 | Open on mastodon.social
8 comments
Mark Shane Hayden

@Gargron coales.co is my instance and as you can see it's not right when you go there.

Oddly anything not that or in any url not beginning in /web/... still works and the API still works so I am resorting to tusky and pinafore to use my instance. For example I can still go to /about or /public and do my admin and moderation at /admin

30 Dec 2020 at 7:05 | Open on coales.co
Eugen Rochko

@msh This is very wrong. This does not look like a nginx directory listing. And Mastodon doesn't have anything that produces that output. It's listing files in the Mastodon root directory, not public! Thankfully .env.production can't be retrieved, but still. I would start suspecting foul play at this point. Some kind of malware or hack?

30 Dec 2020 at 7:08 | Open on mastodon.social
Eugen Rochko

@msh Also check the public directory for an index.html file, it could hijack the / path like that if it existed, it's not supposed to exist. But check what/who created it, if that's what's happening.

30 Dec 2020 at 7:10 | Open on mastodon.social
CMDR Yojimbosan UTC+(12|13)

@Gargron @msh 'poc'o might be a symlink in that directory that is broken perhaps?

30 Dec 2020 at 7:12 | Open on hackers.town
Eugen Rochko

@msh By the way if it's any clue it seems like that index.html is two different pages concatenated, if you look at the source. First it's the 404 page about /poco and then a directory listing page.

30 Dec 2020 at 7:14 | Open on mastodon.social
Mark Shane Hayden replied to Eugen

@Gargron you're right, I hadn't noticed the two stes of <html>...</html> before!

There isn't any indication of compromise in my system and no stray index.html (the whole mastodon direrctory was blown away then live was pulled in from git again). But there is progress. I *can* go to https://.../web and it will let me in again, but that initial redirect from the root URL still does the poco thing. Maybe something is cached somewhere from the first botched upgrade?

30 Dec 2020 at 8:01 | Open on coales.co
Eugen Rochko replied to Mark Shane Hayden

@msh Eh, could be, then delete the nginx cache directory and see what happens

30 Dec 2020 at 8:02 | Open on mastodon.social
Mark Shane Hayden replied to Eugen

@Gargron

Fantastic!

That did the trick. I'm still bothered that I haven't determined the root cause yet, though it definitely started happening immediately after I did the first upgrade attempt.

Thanks for the tips! I kinda tossed you in my mentions tongue-in-cheek so it was quite beyond my expectations!

There is no way any closed source product or service or anything from the Big Internet Silos would EVER step up like that.

30 Dec 2020 at 8:15 | Open on coales.co
Go Up