Welcome! Log In Create A New Profile

Advanced

GbPlugin

W. Andrew Loe III
May 07, 2010 01:22PM
This user agent is able to create a bad request for image assets that
is bypassing nginx. We are seeing these odd requests in our Rails
application (via Passenger) but they should either be 400s or serve
valid images. A quick google search turns up some interesting history
on this User-Agent, it seems that it has been compromised by some
Brazilian malware authors.

Here is an example exception from our application, does anyone see
anything strange? If I attempt to hit that url in a standard browser I
get an image, I do not see an accepts header, perhaps this is why
nginx passing the request on?:

A ActionController::RoutingError occurred in application#index:

No route matches "/images/ajax-loader.gif" with
{:subdomain=>"macchiato-assets2", :method=>:get,
:domain=>"onehub.com", :host=>"macchiato-assets2.onehub.com"}
[RAILS_ROOT]/vendor/rails/actionpack/lib/action_controller/routing/recognition_optimisation.rb:66:in
`recognize_path'

-------------------------------
Request:
-------------------------------

* URL : http://macchiato-assets2.onehub.com/images/ajax-loader.gif?1273194370
* IP address: 200.204.143.221
* Parameters: {"1273194370"=>nil}
* Rails root: /data/onehub/deploy_1

-------------------------------
Session:
-------------------------------

* session id: nil
* data: nil

-------------------------------
Environment:
-------------------------------

* CONTENT_LENGTH : 0
* DOCUMENT_ROOT : /data/onehub/current/public
* HTTP_CACHE_CONTROL : no-cache
* HTTP_CONNECTION : keep-alive
* HTTP_COOKIE :
_onehub_session_id=<snip>; remember_me=1
* HTTP_HOST : macchiato-assets2.onehub.com
* HTTP_USER_AGENT : GbPlugin
* HTTP_X_FORWARDED_FOR : 200.204.143.221
* PASSENGER_APP_SPAWNER_IDLE_TIME : -1
* PASSENGER_APP_TYPE : rails
* PASSENGER_ENVIRONMENT : production
* PASSENGER_FRAMEWORK_SPAWNER_IDLE_TIME : -1
* PASSENGER_SPAWN_METHOD : smart-lv2
* PASSENGER_USE_GLOBAL_QUEUE : true
* PATH_INFO :
/images/ajax-loader.gif?1273194370
* QUERY_STRING :
* RAW_REQUEST_URI :
/images/ajax%2Dloader.gif%3F1273194370
* REMOTE_ADDR : 10.250.18.33
* REMOTE_PORT : 48252
* REQUEST_METHOD : GET
* REQUEST_URI :
/images/ajax-loader.gif?1273194370
* SCGI : 1
* SCRIPT_NAME :
* SERVER_ADDR : 10.250.182.80
* SERVER_NAME : 10.250.182.80
* SERVER_PORT : 80
* SERVER_PROTOCOL : HTTP/1.1
* SERVER_SOFTWARE : nginx/0.7.65
* _ : _
* action_controller.request.path_parameters :
* action_controller.request.query_parameters : 1273194370
* action_controller.request.request_parameters:
* action_controller.rescue.request :
#<ActionController::Request:0x10175510>
* action_controller.rescue.response :
#<ActionController::Response:0x101678e8>
* rack.errors : #<IO:0x98afe18>
* rack.input :
#<PhusionPassenger::Utils::RewindableInput:0x10175ab0>
* rack.multiprocess : true
* rack.multithread : false
* rack.request.cookie_hash :
* rack.request.cookie_string :
_onehub_session_id=<snip>; remember_me=1
* rack.request.query_hash : 1273194370
* rack.request.query_string : 1273194370
* rack.run_once : false
* rack.session :
* rack.session.options : <snip>
* rack.url_scheme : http
* rack.version : 10

* Process: 27543
* Server : ip-10-250-182-80

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

GbPlugin

W. Andrew Loe III May 07, 2010 01:22PM

Re: GbPlugin

W. Andrew Loe III May 07, 2010 02:02PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 131
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready