IAmJulianAcosta's questions

I'm trying to use a variable in nginx in server_name, but is not working. Is this possible?

server {
    listen 80;
    index index.php index.html;
    set $foo "bar.example.com";
    server_name $foo;
}

I'm doing something like this:

location /foo {
        content_by_lua_block {
            local reqType = ngx.var.request_method
            if reqType == "POST"
                res = ngx.location.capture("/bar")
            else
                res = ngx.location.capture("/baz")
            end
            ngx.say(res.body)
        }
    }

    location /bar {
        internal;
        #fastcgi, omitted
    }

    location /baz{
        internal;
        #fastcgi, omitted
    }
}

But the headers sent by PHP are lost and status code is always 200. Is there anyway to just send the original response? ngx.say() just output the response body, and I need to capture the entire request and send it to browser.

I'm using openresty/1.9.15.1

Edit: I found a way to do this, but if there exists any different way to do this, would be very appreciated.

Today I found that /var/log/auth.log file only has records from latest week, and I'm suspecting that I was hacked by using an insecure SSH password, and the attacker deleted access logs to avoid detection.

Here are the first lines in the log:

Jun 26 06:44:58 server CRON[14297]: pam_unix(cron:session): session closed for user root Jun 26 06:47:01 server CRON[14484]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 06:47:02 server CRON[14484]: pam_unix(cron:session): session closed for user root Jun 26 07:17:01 server CRON[14515]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 07:17:01 server CRON[14515]: pam_unix(cron:session): session closed for user root Jun 26 08:17:01 server CRON[14518]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 08:17:01 server CRON[14518]: pam_unix(cron:session): session closed for user root Jun 26 09:17:01 server CRON[14521]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 09:17:01 server CRON[14521]: pam_unix(cron:session): session closed for user root Jun 26 10:17:01 server CRON[14524]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 10:17:01 server CRON[14524]: pam_unix(cron:session): session closed for user root Jun 26 11:17:01 server CRON[14527]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 11:17:01 server CRON[14527]: pam_unix(cron:session): session closed for user root Jun 26 12:17:01 server CRON[14530]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 12:17:01 server CRON[14530]: pam_unix(cron:session): session closed for user root Jun 26 13:16:29 server login[1022]: pam_unix(login:auth): check pass; user unknown Jun 26 13:16:29 server login[1022]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= Jun 26 13:16:32 server login[1022]: FAILED LOGIN (1) on '/dev/tty1' FOR 'UNKNOWN', Authentication failure Jun 26 13:17:01 server CRON[14533]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 26 13:17:01 server CRON[14533]: pam_unix(cron:session): session closed for user root Jun 26 13:17:09 server login[1022]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=root Jun 26 13:17:13 server login[1022]: FAILED LOGIN (2) on '/dev/tty1' FOR 'root', Authentication failure Jun 26 13:17:18 server login[1022]: FAILED LOGIN (3) on '/dev/tty1' FOR 'root', Authentication failure Jun 26 13:17:23 server login[1022]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=vagrant Jun 26 13:17:34 server login[14536]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=vagrant Jun 26 13:17:36 server login[14536]: FAILED LOGIN (1) on '/dev/tty1' FOR 'vagrant', Authentication failure

Is this normal? Should this be complete?

I was hacked and checking nginx logs I found several requests like this one:

169.229.3.91 - - [18/Jun/2016:09:42:19 +0000] ")\xE7\xD1?\xD6\x18.\xC0\xCE\xA3\x7FR\xEA~O$\x0BLi\x13\xA0m\xE7\xF0H4\x92\xD6\xBFv\xD2\xDF3\xFCX#T\x0B\xB6\xE4XmU\xEF$\x03\xC9/\xFD\xDEf\x00\x89Prq\x1A\xB5\x13\x0CoGOn" 400 173 "-" "-" `

I suspect of XML-RPC attack generating from my server but I can't confirm it, is there any way to convert that code to human readable text?

I have a cookie that I need to be read in Javascript, so I need to remove the httponly part of the cookie from it.

This is the cookie I need to modify:

Set-Cookie: wordpress_c3d46b752402579c18e981091b8c940c=admin%7C1463963639%7CWsIehTVJh4%7C7ee6e8117b6b; expires=Mon, 23-May-2016 12:33:59 GMT; Max-Age=1252800; path=/wp-content/plugins; domain=.example.org; HttpOnly

I just need to strip the HttpOnly string at the end of the cookie

PS: I know that I'm introducing a potential security problem here.

Reading this question, I understood that containers use a base image (like ubuntu) for root filesystem. Now my question is if is necessary to download a base image, if I have exactly the same OS (like ubuntu 14.04).

Is that base image redundant?