[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Upload by URL floods /tmp



Also uploading can fill the "apache" tmp (this is debian, eprints 3.3.15):

# ls -lh 
/tmp/systemd-private-xywxywzzxwy4e400b8e58e43bcaff8191-apache2.service-xxxxxx/tmp/
total 2,2G
-rw------- 1 www-data www-data 152K set 20 10:23 0q3cu3jxbk
-rw------- 1 www-data www-data? 45K set 13 11:06 0xJWXvrMeQ
-rw------- 1 www-data www-data? 41K set 19 15:24 1BsugzoYGG
-rw------- 1 www-data www-data? 49K set 11 12:26 8W8w2f_Ha8
-rw------- 1 www-data www-data 161K set 20 10:05 blLb6kH2VI
-rw------- 1 www-data www-data 7,8M set 20 11:47 bN6gHQJOLk
-rw------- 1 www-data www-data 1,4G set 13 16:57 eXjmPVqRmL
-rw------- 1 www-data www-data? 41M set 20 11:18 fieMadumzJ
-rw------- 1 www-data www-data 161M set 20 10:18 HAYoNR5DsR
-rw------- 1 www-data www-data 345K set 14 10:29 ntEJoSPI5v
-rw------- 1 www-data www-data 6,9M set 20 11:43 oSrLVzpz2d
-rw------- 1 www-data www-data 230M set 18 15:04 rfbO9v8IjM
-rw------- 1 www-data www-data 156M set 19 15:24 thM9gxJrFY
-rw------- 1 www-data www-data? 41M set 20 11:19 v6Pa6Xauk3
-rw------- 1 www-data www-data 161M set 20 17:03 YMJ_gsuJSn
-rw------- 1 www-data www-data 161K set 20 10:19 _YzgIMPoVJ

this files never get deleted.

Il 26/09/18 08:53, Emilian Mitocariu via Eprints-tech ha scritto:
> Hi,
>
> Regarding this issue: *MailScanner has detected a possible fraud 
> attempt from "emea01.safelinks.protection.outlook.com" claiming to be* 
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fissues%2F427&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C39d9d074c9524dc70e9308d623820adb%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&sdata=5TB5xmjAsn8nBR7gJ1BOXnmeDcg6qpCWvnSlZJ8jNOM%3D&reserved=0 
> <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fissues%2F427&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C39d9d074c9524dc70e9308d623820adb%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=5TB5xmjAsn8nBR7gJ1BOXnmeDcg6qpCWvnSlZJ8jNOM%3D&amp;reserved=0>. 
> Is it safe to simply delete the files generated in /tmp or what is the 
> recommended way to clean /tmp without breaking something. In case it 
> matters, I run eprints?3.3.15.
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C39d9d074c9524dc70e9308d623820adb%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=h8C0YMa%2BqdV8eC%2FqLzaxAluopnFvR1TG%2BdVEjZ6fC3Q%3D&amp;reserved=0
> *** EPrints community wiki: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C39d9d074c9524dc70e9308d623820adb%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=p2GYFYn%2FY1DwWJLLxl0ll5uG0b70oSDTeGYKl7USJTA%3D&amp;reserved=0
> *** EPrints developers Forum: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C39d9d074c9524dc70e9308d623820adb%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=%2BD8T9USEHKopJsk%2FLSdVzxjXoym%2FwdTa6NM0qM7B40I%3D&amp;reserved=0