Hi I have a problem with uploading files to my server through an admin system. I myself do not really work with ASP scripting much, so I don't understand the problem.
When uploading files like thumbnails there seems to be no problem with the script, but when trying to upload the bigger images it does not work and gives me an Internal server error 500 (There is a problem with the resource you are looking for, and it cannot be displayed.)
The loading script that is used is call LOADER.ASP and as said before using small files, the script uploads fine and all entries are made into the the database just fine.
If anyone could just give me a hint to why this might happen or what could be the cause for giving the error it woulds realy help
Thank you
Related
Recently we attempted to advertise our website via google ads. However, we got a reply regarding "malicious links" that should be removed from our website. Said files (.js) are, in fact, just chucks of the NextJs build located under /_next/static/chucks/.
Has anyone experienced this issue before? I assume that their crawler labeled these .js chunks as malicious for some reason, but many of the files they linked are simply small chunks containing a single line of code.
Here is an example of such a (one-liner) file:
(window.webpackJsonp_N_E=window.webpackJsonp_N_E||[]).push([[10],[]]);
Obviously, deleting these files would cause the website to cease working. We explained as much but they told us that there was nothing that could be done unless we delete these files.
Am I missing something obvious here?
I'm experimenting with using Nancy framework and found it works quite simply and I got the methods for downloading & uploading files quickly. I even was able to download large files with no problem with no changes.
However, I am finding that when I upload a large file, I get a 404 error; Nancy's route is never reached nor does it shows in request tracing.
The same route works fine when I use a small file so I have to think there is something going below Nancy that prevents me from posting a large file. From past experience with WCF, it was necessary to set several parameters and I assumed most would not be even applicable in a Nancy framework, neither would I have any idea how to translate what I should do in WCF to what I should do in Nancy.
During typing up the question, I noticed a similar question here; ASP.Net 404 Large XMLHttpRequest File Upload
From there, I derived that I needed to update my web.config in two places:
system.webServer/security/requestFiltering/requestLimit
system.web/httpRuntime/#maxRequestLength
With those 2 changes, the 404 turns into 200. So simple!
This morning I logged onto my website and shockingly I found that it just spit out error messages and some kind of upload form was displayed. A form that basically uploads a file onto my server.
I logged into my server and had a look at the access log. It seems he accessed the function file of my wordpress theme, fully deleted the original and created an upload form out of it.
With that upload form he then uploaded the following file.
Edit: I had to copy the code to hastebin, it was too big to be posted here.
http://hastebin.com/itedinefiz.php
He named the file web-info.php. I did not run the file because I am afraid that it might do some harmful things to my site.
Could anyone tell me what this file does?
Anyway, I have restored the functions.php file of my wordpress theme and deleted that web-info.php file form the server and now it seems that the website is running again.
Oh and my guess he gained access to my website because my login credentials were very easy... very stupid of me :(
After doing a bit research this what I came up with.
The malicious file that I have posted above, was encoded using eval(gzinflate(base64_decode));
Thanks to http://ddecode.com/phpdecoder/ I was able to decoded it, here is the raw PHP file that the hacker left behind:
http://pastebin.com/fAEQn2j7
I ran the file on my local machine, holy crap! It's a full on rootkit. It has massive interface that covers pretty much anything to take over the entire server. It seems to let you browser the entire files on the server, run sql code, run php code, brutforce options, network option and so on.
I think the safest it to cancel the entire VPS that I am renting from Bluehost, a normal wordpress deinstallation won't do any good.
i am currently hosting my site on justhost (just as a test server), when i save my work on my local computer through aptana the files are automatically uploaded to the hosting server, and they appear fine. However this only works for my actual files like .php and .html
They do not work for my .css files, so if i save them and upload them the changes do not take effect, until like the next day, or if i turn my computer on and off and leave it a couple of hours, i am not sure why they are not taking effect immediately like the rest of the fiels.
I have tried deleting my cache and adding ?ver=1.0 to the end of the file name, but still no luck.
Also, i checked the hosting directly and the css file has updated to the correct version, but just does not show in browser.
Any ideas on what could be wrong, it would make life much easier if i could get them updating like the other files.
Thanks
I can't be sure what is causing this, but if I'm correct - the files do upload, its not a case of not uploading. It's one of these things
The Cache is holding it (already cleared it though?)
The file is doing some odd cross server transfer, depends what sort of hosting your on, but it may be the file is getting held up somewhere
Try clearing the DNS Cache
Start > type CMD > in the dialog type:
ipconfig /flushdns
That may force the computer to reload the file.
As for an ongoing solution to prevent it in the future I'm out...
I know it has been a while, but as others may find this question the way I did, the solution for me was to enable Cloudflare Developer Mode. Cloudflare was keeping the css files in cache and it drove me crazy to find the solution in another forum. I hope your case may be the same as mine as thus you can solve it as well.
I've created a photo gallery using the Gallery template in WebMatrix. Everything seems to work fine except that I get this ERR_CONNECTION_RESET whenever I try to upload a large file. I've tried with 12 Kb file and the app works fine but I get the reset error when trying to upload a 25 Kb file. Setting maxRequestLength to 51200 and executionTimeout to 3600 also didn't help.
Whats wrong here?
There are a number of threads on the ASP.NET forums about this error (ERR_CONNECTION_RESET); not sure if any of those would help you resolve your issue. For example, there's this:
http://forums.asp.net/t/1526998.aspx/1
Some things to ascertain, anyway:
Same problem in other/every browser?
Does the issue manifest locally when you test, or only in a deployed site?
Sorry not to have anything more concrete to offer.