Hi all. My first post here.
I have a Go http app that keeps filling up my drive.
I know this is some sort of exploit because it’s some sort of loop that writes to a file called /tmp/#45
… Nothing that would do that is in my code.
I THINK I have my basic file server route neutered.
if r.URL.Path == "/" {
f, err := os.Open("static" + Slash + "index.html")
checkErr(err)
http.ServeContent(w, r, "index.html", time.Now(), f)
return
}
if strings.HasSuffix(r.URL.Path, "/") || strings.Contains(r.URL.Path, "..") || r.URL.Path == "." {
http.NotFound(w, r)
return
}
FileServerHandler.ServeHTTP(w, r)
I think my websockets are sane.
var upgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
EnableCompression: true,
CheckOrigin: func(r *http.Request) bool { return true },
}
I’m assuming someone is sending a call to the server that is somehow fooling it to constantly write to the drive. I just can’t sort out how.
Only 80/443 are open. everything else is denied from the server’s firewall and the firewall in front of it.
The only other thing I can think of is that the app ran as root so it could access 80/443. I’m already updating it so it’s run by a normal user on a different port and have NGINX proxy it.
Any ideas?
THANK YOU!