Gregory's Server@msh This is very wrong. This does not look like a nginx directory listing. And Mastodon doesn't have anything that produces that output. It's listing files in the Mastodon root directory, not public! Thankfully .env.production can't be retrieved, but still. I would start suspecting foul play at this point. Some kind of malware or hack?
|
6 comments
 @msh By the way if it's any clue it seems like that index.html is two different pages concatenated, if you look at the source. First it's the 404 page about /poco and then a directory listing page.  @Gargron you're right, I hadn't noticed the two stes of <html>...</html> before! There isn't any indication of compromise in my system and no stray index.html (the whole mastodon direrctory was blown away then live was pulled in from git again). But there is progress. I *can* go to https://.../web and it will let me in again, but that initial redirect from the root URL still does the poco thing. Maybe something is cached somewhere from the first botched upgrade? @msh Eh, could be, then delete the nginx cache directory and see what happens Fantastic! That did the trick. I'm still bothered that I haven't determined the root cause yet, though it definitely started happening immediately after I did the first upgrade attempt. Thanks for the tips! I kinda tossed you in my mentions tongue-in-cheek so it was quite beyond my expectations! There is no way any closed source product or service or anything from the Big Internet Silos would EVER step up like that. |
@msh Also check the public directory for an index.html file, it could hijack the / path like that if it existed, it's not supposed to exist. But check what/who created it, if that's what's happening.