Go http server keeps filling up my server

Hi all. My first post here.

I have a Go http app that keeps filling up my drive.

I know this is some sort of exploit because it’s some sort of loop that writes to a file called /tmp/#45 … Nothing that would do that is in my code.

I THINK I have my basic file server route neutered.

    // Serve the landing page for the bare root path.
    if r.URL.Path == "/" {
        f, err := os.Open("static" + Slash + "index.html")
        checkErr(err)
        defer f.Close() // release the descriptor once the response is written
        http.ServeContent(w, r, "index.html", time.Now(), f)
        return
    }
    // Refuse directory requests (trailing slash) and anything containing "..".
    if strings.HasSuffix(r.URL.Path, "/") || strings.Contains(r.URL.Path, "..") || r.URL.Path == "." {
        http.NotFound(w, r)
        return
    }
    // Everything else goes to the static file server.
    FileServerHandler.ServeHTTP(w, r)

I think my websockets are sane.

    var upgrader = websocket.Upgrader{
        ReadBufferSize:    1024,
        WriteBufferSize:   1024,
        EnableCompression: true,
        // Accepts a websocket upgrade from any Origin header.
        CheckOrigin:       func(r *http.Request) bool { return true },
    }

I’m assuming someone is sending a call to the server that is somehow fooling it to constantly write to the drive. I just can’t sort out how.

Only 80/443 are open. Everything else is denied from the server’s firewall and the firewall in front of it.

The only other thing I can think of is that the app ran as root so it could access 80/443. I’m already updating it so it’s run by a normal user on a different port and have NGINX proxy it.

Any ideas?

THANK YOU!
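Two of the pieces quoted above, the static-file route and the websocket origin check, can be made explicit in a small self-contained program. This is an added example, not the poster's code: `staticRoot`, the `allowedOrigins` entry and the listen address are assumptions. It goes slightly beyond the substring check shown in the post by normalizing the path with `path.Clean` first, refusing dotfiles, and confirming the joined path is still inside the root; the Origin check shows an allowlist in place of `return true`.

```go
package main

import (
	"log"
	"net/http"
	"net/url"
	"path"
	"path/filepath"
	"strings"
)

// staticRoot is the directory static files are served from (an assumption
// for this example; the post builds the path with "static" + Slash).
const staticRoot = "static"

// resolveStaticPath maps a URL path to a file under staticRoot. It reports
// ok=false for trailing-slash (directory) requests, for any dotfile segment,
// and for anything that would resolve outside the root. Because path.Clean
// collapses ".." and "." first, a traversal attempt still lands under the
// root (and then simply does not exist) rather than escaping it.
func resolveStaticPath(reqPath string) (string, bool) {
	if len(reqPath) > 1 && strings.HasSuffix(reqPath, "/") {
		return "", false // directory request
	}
	if !strings.HasPrefix(reqPath, "/") {
		reqPath = "/" + reqPath
	}
	clean := path.Clean(reqPath)
	if clean == "/" {
		clean = "/index.html"
	}
	for _, seg := range strings.Split(clean[1:], "/") {
		if seg == "" || strings.HasPrefix(seg, ".") {
			return "", false // hidden file or empty segment
		}
	}
	full := filepath.Join(staticRoot, filepath.FromSlash(clean))
	rel, err := filepath.Rel(staticRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", false // containment check failed
	}
	return full, true
}

// allowedOrigins lists the browser origins permitted to open a websocket
// (constructed value for this example).
var allowedOrigins = map[string]bool{
	"https://example.com": true,
}

// checkOrigin can be assigned to websocket.Upgrader.CheckOrigin. A request
// with no Origin header (a non-browser client) is allowed, as gorilla's
// default check does; a browser-supplied Origin must be on the allowlist.
func checkOrigin(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	return allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// staticHandler wires resolveStaticPath to http.ServeFile.
func staticHandler(w http.ResponseWriter, r *http.Request) {
	full, ok := resolveStaticPath(r.URL.Path)
	if !ok {
		http.NotFound(w, r)
		return
	}
	http.ServeFile(w, r, full)
}

func main() {
	http.HandleFunc("/", staticHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil)) // assumed address
}
```

`checkOrigin` is used by setting `CheckOrigin: checkOrigin` on the `websocket.Upgrader`; the allowlist then has to contain every scheme+host pair that legitimately hosts the page opening the socket.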

What’s in the files? If they’re plain text, do the contents help identify what the files are? If they’re binary, try checking the first few bytes for a “magic number” to see what might be creating them.

This piece of code is not enough to figure out what is going on.

I’ve narrowed this down. It’s the strangest thing!

For some reason, when I have crontab launch this webapp at reboot, that is what is causing the app to fill up the hard drive!
If I run the app myself, it works flawlessly. If I have crontab run it, I watch iotop and it’s just filling the drive!

Anyone ever run into this?

The only thing I can think of is that the app captures control-C, so if I control-C out of it, it does a bit of clean up first.

I honestly have no ideas.

I’ve replicated it on 2 machines.

The “annoying” part is that I can’t remember the command to see the temp files. Because if I just do an ls or a find du, the files aren’t visible… It was a special command I found somewhere that let me find them.

So weird!
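The post above says the app's cleanup runs when it is stopped with control-C. A handler registered only for that keystroke (SIGINT) never runs when the process is stopped some other way, for example by SIGTERM, which is what systemd and a plain `kill` send by default. The following is an added example, not the poster's program: a server that tracks the scratch files it creates and removes them on either signal after a graceful shutdown. The request handler, the file prefix and the listen address are assumptions.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"os"
	"os/signal"
	"sync"
	"syscall"
	"time"
)

// scratch records the temp files the app creates so they can be removed on
// shutdown regardless of which signal asked the process to stop.
type scratch struct {
	mu    sync.Mutex
	files []string
}

// create opens a new temp file (in os.TempDir, so /tmp on Linux) and records it.
func (s *scratch) create(prefix string) (*os.File, error) {
	f, err := os.CreateTemp("", prefix)
	if err != nil {
		return nil, err
	}
	s.mu.Lock()
	s.files = append(s.files, f.Name())
	s.mu.Unlock()
	return f, nil
}

// cleanup removes every recorded file and returns how many were removed.
func (s *scratch) cleanup() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	removed := 0
	for _, name := range s.files {
		if err := os.Remove(name); err == nil {
			removed++
		}
	}
	s.files = nil
	return removed
}

func main() {
	sc := &scratch{}
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Assumed handler: each request leaves one scratch file behind until
		// shutdown, which is the accumulation pattern cleanup has to cover.
		f, err := sc.create("webapp-")
		if err != nil {
			http.Error(w, "temp file", http.StatusInternalServerError)
			return
		}
		defer f.Close()
		f.WriteString(r.URL.Path + "\n")
		w.WriteHeader(http.StatusNoContent)
	})
	srv := &http.Server{Addr: "127.0.0.1:8080", Handler: mux} // assumed address

	// Stop on control-C (SIGINT) and on SIGTERM, the default for systemd and kill.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()

	go func() {
		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
			log.Fatal(err)
		}
	}()
	<-ctx.Done()

	// Finish in-flight requests, then remove whatever the handlers left behind.
	shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	if err := srv.Shutdown(shutdownCtx); err != nil {
		log.Println("shutdown:", err)
	}
	log.Printf("removed %d scratch files", sc.cleanup())
}
```

Registering both signals matters more than the cleanup itself: whichever supervisor starts the binary, the cleanup path is reached only if the signal that supervisor actually sends is one the program listens for.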

crontab is not meant to be used to start applications on system restart, there are much better ways depending on your operating system.

Which way do you suggest in Ubuntu 20.04? I only did it this way because after googling, it seemed the most recommended way other than redeveloping the app as a service.

You should configure a new systemd service which will take care of starting your app.

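A unit file of the kind the reply above recommends, written here as an added example rather than taken from the thread. The account name, install directory and data path are assumptions; the two points tied to earlier posts are that the service runs as an unprivileged user and gets only the capability needed to bind 80/443 if it must do so directly, and that it is stopped with SIGINT so a handler written for control-C still runs.

```ini
[Unit]
Description=Go web app (example unit)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Unprivileged account, install path and working directory are assumptions.
User=webapp
Group=webapp
WorkingDirectory=/opt/webapp
ExecStart=/opt/webapp/webapp
# Deliver SIGINT on stop so a handler registered for control-C runs its cleanup;
# after TimeoutStopSec systemd escalates to SIGKILL.
KillSignal=SIGINT
TimeoutStopSec=20
Restart=on-failure
RestartSec=5
# Private /tmp: scratch files are invisible to other services and the
# directory is discarded when the service stops.
PrivateTmp=true
# Only needed if the app binds 80/443 itself instead of sitting behind NGINX;
# grants that one capability instead of running the whole process as root.
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
# Read-only view of the system; list the directories the app really writes to.
ProtectSystem=strict
ReadWritePaths=/opt/webapp/data

[Install]
WantedBy=multi-user.target
```

Install it as `/etc/systemd/system/webapp.service`, then run `systemctl daemon-reload`, `systemctl enable --now webapp`, and watch `journalctl -u webapp -f` for the app's own log output. Unlike a cron `@reboot` entry, the unit fixes the working directory and environment the binary starts in, and `systemctl stop webapp` delivers the configured signal instead of leaving the process to be killed at shutdown.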