Possible Attack autoshell.txt - ruby-on-rails

I got this error reported to me recently from my Rails app.
mycontroller#update (ArgumentError) "invalid %-encoding (<%MYTEST)
An ArgumentError occurred in mycontroller#update:
invalid %-encoding (<%MYTEST)
These are the parameters that were passed.
Parameters : {"controller"=>"mycontroller", "action"=>"update", "id"=>"autoshell", "format"=>"txt"}
Should I be worried? I recently upgraded to Rails 4.1 and ruby 2.1.3. What is autoshell.txt?

This seems to be somebody scanning for websites vulnerable to the JCE Joomla Extension Auto Shell Upload Exploit. Really nothing to worry about.

I've been seeing this error in our logs as well. I'm not concerned about it personally, but if it becomes annoying you can add this to your routes.rb file:
put '/autoshell', to: proc { [404, {}, ['']] }
That will return an empty 404 response.
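
A complementary approach to the route above, as an added example that is not part of the original answers: a small Rack-style middleware answers malformed percent-encoding with a 400 before parameter parsing can raise the ArgumentError shown in the report. The class name RejectMalformedEncoding, the sample requests and the choice of a 400 response are assumptions made for illustration; a rewindable request body is also assumed.

```ruby
require 'stringio'
require 'uri'

# Hypothetical middleware (name and 400 policy are assumptions, not from the thread).
# Plain Ruby: it only follows the Rack call(env) convention, no gems needed.
class RejectMalformedEncoding
  FORM_TYPE = 'application/x-www-form-urlencoded'.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    return bad_request if malformed?(env['QUERY_STRING'].to_s)

    if env['CONTENT_TYPE'].to_s.start_with?(FORM_TYPE) && env['rack.input']
      body = env['rack.input'].read.to_s
      env['rack.input'].rewind # leave the body readable for the app
      return bad_request if malformed?(body)
    end
    @app.call(env)
  end

  private

  # URI.decode_www_form_component raises ArgumentError "invalid %-encoding (...)"
  # when a "%" is not followed by two hex digits, as in "<%MYTEST".
  def malformed?(encoded)
    encoded.split(/[&;]/).each do |pair|
      pair.split('=', 2).each { |part| URI.decode_www_form_component(part) }
    end
    false
  rescue ArgumentError
    true
  end

  def bad_request
    [400, { 'Content-Type' => 'text/plain' }, ["Bad Request\n"]]
  end
end

# Constructed sample request environment (not taken from real traffic).
def sample_env(body, type = RejectMalformedEncoding::FORM_TYPE)
  { 'REQUEST_METHOD' => 'PUT', 'PATH_INFO' => '/autoshell.txt', 'QUERY_STRING' => '',
    'CONTENT_TYPE' => type, 'rack.input' => StringIO.new(body) }
end

DOWNSTREAM = ->(_env) { [200, {}, ['ok']] }
GUARD = RejectMalformedEncoding.new(DOWNSTREAM)
```

In a Rails app the class would be placed ahead of parameter parsing in the middleware stack, for example with `config.middleware.insert_before 0, RejectMalformedEncoding`.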

Related

Rails: Net::OpenTimeout execution expired with HTTParty

My app is supposed to get JSON data from an external URL. It was working just fine until this morning. I see this error message:
Net::OpenTimeout in CommandesController#generate
execution expired
I have changed NOTHING and I can still access the external JSON URL from a browser. Can you please help me?
Here is the code that creates the issue:
@data = HTTParty.get(URL).parsed_response

The external site may be causing the timeouts. Try increasing the timeout period.
@data = HTTParty.get(URL, timeout: 60).parsed_response

I had the same problem, with this error raising occasionally. What helped was to:
require 'resolv-replace'
Looks like it was an issue with how Ruby resolves DNS.

I solved the issue by adding verify:true to HTTParty so that it forces SSL acceptation
@data = HTTParty.get(URL, verify: true).parsed_response

Yelp Place API returning "Invalid Signature" Error only from Nginx on EC2

Problem: I am getting an "Invalid Signature" error from the Yelp API only from production (running on an nginx server in AWS). When I run locally on my localhost:3000, there is no signature error, and everything works fine.
I am using the yelp gem in Rails. Here's some code in Ruby:
$client = Yelp::Client.new({
  consumer_key: $SL_CONSUMER_KEY,
  consumer_secret: $SL_CONSUMER_SECRET,
  token: $SL_TOKEN,
  token_secret: $SL_TOKEN_SECRET
})
begin
  $client.search("Los Angeles")
rescue => error
  puts error.message
  puts error.inspect
end
error.message prints out: "Signature was invalid"
error.inspect prints out: < Yelp::Error::InvalidSignature: Signature was invalid >
Everything works when I run locally on rails' Webrick server but when I run it in production, I get an "Invalid Signature" error.
Has anyone seen this? I've looked at some relevant posts, but this seems different. Thanks!

This will probably not pertain to most people, but on the off chance it could help someone, here it is:
My "time" was effed up on my EC2 instance. So for example, in Ruby, Time.now was not printing the actual time. (I think it was off by a few minutes or so).
Anyway, the Yelp API requires an oauth_timestamp when you send a request. Of course, then, my request was timing out b/c the time was off.
How did I find this error out?
I just pinged the URL on my browser with the oauth, token, oauth_timestamp, etc. (few more) as query params. The browser spits out the error response in JSON, and it was saying that my request was timing out. When you use the ruby Yelp Client and catch the exception in code, it doesn't spit out the error response in terminal, so it's a bit more difficult to locate the exact root of the error.
How I solved it:
I re-calibrated the time in my ec2 instance by following the directions here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
Problem is solved. Peace.

Invalid signature error in Yelp API occurs due to two reasons.
First, either of your four keys, i.e. consumer_key, consumer_secret_key, Token & Token Secret, is invalid. Secondly, parameters passed to the Yelp API function are either invalid or any of those are nil.

Whois Parser error for ORG/NET URLs

I am checking the whois information for .org/.net/.ae sites. While parsing, it was giving an error.
This is my code part:
record = Whois.whois(url)
date = record.created_on
It's giving the following error:
Whois::ParserError: Unexpected token: Access to .ORG
What is the issue here? It's working for .com URLs.

The issue has been fixed in this pull-request and I've released a new version today. Make sure to use v3.4.4.

Jasper server integration in rails 2

I want to configure jasperserver-client gem in order to receive reports from Jasper server through SOAP.
The error I get is JasperServer::Error: JasperServer replied with an error: exception getting data strategy
after running the following from console:
client = JasperServer::Client.new("http://example.com/jasperserver-pro/services/repository", "jasperadmin", "jasperadmin")
request = JasperServer::ReportRequest.new("/public/test2", "PDF", { 'last_login_at' => '2013-01-15 00:00:00'})
pdf_data = client.request_report(request)
Any idea what might be the cause? I think that it's able to find the server and the report but it might be something wrong with the optional parameters.
I also tried generating the request without the option hash.

I've solved my problem with this tutorial
http://jonif.blogspot.com.br/2012/07/

Rails + Nokogiri + Heroku - response 503 for URLs from StackOverflow

I'm writing a just-for-fun app for my use. In this app I'm putting URLs in a classic POST form from which I'm extracting some information. For example, this line is where I'm extracting the title of the page:
self.name = Nokogiri::HTML(open(self.url)).css('title').to_s.sub('<title>','').to_s.sub('</title>','')
I'm using Nokogiri (v1.5.4) for parsing data from the source page. I don't know if I'm missing here something, but the behavior of the application is strange.
If I'm running on my localhost in my development environment on my machine, everything works properly and seems to me alright. But, after pushing on Heroku, some problems occurred. For example, URLs from StackOverflow always have this type of error:
OpenURI::HTTPError (503 Service Unavailable):
app/models/url.rb:67:in `set_name'
app/controllers/urls_controller.rb:48:in `block in create'
app/controllers/urls_controller.rb:46:in `create'
I don't understand why it is happening just on Heroku. On my local machine it's working perfectly with the same URL. I'm maybe missing something with Heroku, but other URLs are returning the normal 200 state and working fine. It's just URLs from StackOverflow.
Don't use:
.to_s.sub('<title>','').to_s.sub('</title>','')
Instead use:
.text
For instance:
html = '<head><title>foo</title></head>'
Nokogiri::HTML(html).css('title').text
In IRB:
irb(main):055:0> html = '<head><title>foo</title></head>'
"<head><title>foo</title></head>"
irb(main):056:0> Nokogiri::HTML(html).css('title').text
"foo"
Why URLs for StackOverflow fail on Heroku with a 503 might be a routing or hosting issue since you're getting a 503.
Rather than scraping pages, you might want to consider "Where is Stack Overflow's public data dump?" and "Stack Overflow Creative Commons Data Dump".
