Follow

Hey guys! I need help, my web server (nginx) default page is all messed up, with a very very weird message on it, anyone seen this before?

" Nothing there anymore! But the future’s ever changing, and something might appear there, someday! "

My log is filled with very odd stuff: lxp.fr/i3Mx0bbLG0

@Kooda Have you been exploited? I think those \x things in the log are unicode characters. Have you tried decoding them?

@ebarrett I can’t think of any thing else than an exploit yeah… :/

I haven’t tried decoding them, but I found one file in my file system that has this message, and its’s an nginx cache entry.

@ebarrett It is yes, and this page doesn’t exist in the static files.

@ebarrett Also, this message appears on *every* site I host, when the URL path is "/"

@Kooda That sounds very suspicious indeed. I'd tar up everything for post mortem.

@ebarrett A backup is running as we speak. But I don’t feel really qualified to find out what the problem is. :(

When I disable nginx’s cache, the message disapears.

@ebarrett The resolver for this machine is the local resolver of the network, I didn’t configure anything special for nginx.

@Kooda Well I'm out of ideas, but let us know what happens! Good luck!

@ebarrett I found the cause!!!! Oh my god it’s so silly!

This message is the index.xhtml of an other website I host! For some reason there is a cache collision and it appeared for every "GET /" on the server!

@ebarrett I’m glad too! It was quite a stressful experience! 😔

Sign in to participate in the conversation
River Mastodon

Some otter's Mastodon. Managed by @kasil.