Go http server keeps filing up my server

Hi all. My first post here.

I have a Go http app that keeps filling up my drive.

I know this is some sort of exploit because it’s some sort of loop that writes to a file called /tmp/#45
… Nothing that would do that is in my code.

I THINK I have my basic file server route neutered.

if r.URL.Path == "/" {
        f, err := os.Open("static" + Slash + "index.html")
        http.ServeContent(w, r, "index.html", time.Now(), f)
if strings.HasSuffix(r.URL.Path, "/") || strings.Contains(r.URL.Path, "..") || r.URL.Path == "." {
        http.NotFound(w, r)
FileServerHandler.ServeHTTP(w, r)

I think my websockets are sane.

var upgrader = websocket.Upgrader{
        ReadBufferSize:    1024,
        WriteBufferSize:   1024,
        EnableCompression: true,
        CheckOrigin:       func(r *http.Request) bool { return true },

I’m assuming someone is sending a call to the server that is somehow fooling it to constantly write to the drive. I just can’t sort out how.

Only 80/443 are open. everything else is denied from the server’s firewall and the firewall in front of it.

The only other thing I can think of is that the app ran as root so it could access 80/443. I’m already updating it so it’s run by a normal user on a different port and have NGINX proxy it.

Any ideas?


What’s in the files? If they’re plain text, do the contents help identify what the files are? If they’re binary, try checking the first few bytes for a “magic number” to see what might be creating them.

This piece of code is not enough to figure out what is going on.

I’ve narrowed this down. It’s the strangest thing!

For some reason, when I have crontab launch this webapp at reboot, that is what is causing the app to fill up the hard drive!
If I run the app myself, it works flawless. If I have crontab run it, I watch iotop and it’s just filling the drive!

Anyone ever run into this?

The only thing I can think of is that the app captures control-C, so if I crontrol-C out of it, it does a bit of clean up first.

I honestly, have no ideas.

I’ve replicated it on 2 machines.

The “annoying” part is that I can’t remember the command to see the temp files. Because if I just do an ls or a find du, the files aren’t visible… It was a special command I found somewhere that let me find them.

So weird!

crontab is not meant to be used to start applications on system restart, there are much better ways depending on your operating system.

Which way do you suggest in Ubuntu 20.04? I only did it this way because after googling, it seemed the the most recommended way other than redeveloping the app as a service.

You should configure a new systemd service which will take care of starting your app.

1 Like