NginX Sudden "Weird server reply" HACKED ?

shahzaib mushtaq
Hi,

We just recently received an alert against one of our Nginx-based servers, which has started to download files with any extension (e.g. .html, .php) on HTTP instead of processing them. On HTTPS files process fine, but on HTTP, even though it's a .html extension file, the browser starts to download it.

We've set up a forced redirect from HTTP to HTTPS, which has also stopped working. If we send a curl request to HTTP, the following is the reply we get:

[root@cw025 /usr/local/etc/nginx/vhosts]# curl -I http://cw025.domain.com/test.html
curl: (8) Weird server reply

Can anyone help with what's going on?

Regards.

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Re: NginX Sudden "Weird server reply" HACKED ?

shahzaib mushtaq
Hi,

I tried to create a test.html file without any content in it, and the curl request showed the following output:

[root@cw025 /tunefiles/tunefiles_git]# curl  http://cw025.domain.com/test.html
€ÿÿ


On Fri, Nov 8, 2019 at 5:10 PM shahzaib mushtaq <[hidden email]> wrote:
Hi,

We just recently received an alert against one of our Nginx-based servers, which has started to download files with any extension (e.g. .html, .php) on HTTP instead of processing them. On HTTPS files process fine, but on HTTP, even though it's a .html extension file, the browser starts to download it.

We've set up a forced redirect from HTTP to HTTPS, which has also stopped working. If we send a curl request to HTTP, the following is the reply we get:

[root@cw025 /usr/local/etc/nginx/vhosts]# curl -I http://cw025.domain.com/test.html
curl: (8) Weird server reply

Can anyone help with what's going on?

Regards.

Re: NginX Sudden "Weird server reply" HACKED ?

shahzaib mushtaq
OK, found it: I mistakenly put the http2 header in the HTTP section of nginx.


On Fri, Nov 8, 2019 at 6:00 PM shahzaib mushtaq <[hidden email]> wrote:
Hi,

I tried to create a test.html file without any content in it, and the curl request showed the following output:

[root@cw025 /tunefiles/tunefiles_git]# curl  http://cw025.domain.com/test.html
€ÿÿ

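Added example, not part of the original thread: a small triage helper that tells an HTTP/1.x status line apart from HTTP/2 binary frames in the first bytes of a reply, which is what a plain-HTTP client sees when a cleartext listener has http2 enabled. The frame layout follows RFC 9113; the function names and both sample byte strings are constructed for illustration, and the assumption is that the unprintable output in the second message was such frame data.

```python
import struct

FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x4: "SETTINGS",
               0x7: "GOAWAY", 0x8: "WINDOW_UPDATE"}
SETTING_NAMES = {0x3: "MAX_CONCURRENT_STREAMS", 0x4: "INITIAL_WINDOW_SIZE",
                 0x5: "MAX_FRAME_SIZE"}

# Constructed samples (not captured from the server in the thread):
# a SETTINGS frame with three entries followed by a WINDOW_UPDATE frame.
SAMPLE_H2 = (b"\x00\x00\x12\x04\x00\x00\x00\x00\x00"
             b"\x00\x03\x00\x00\x00\x80\x00\x04\x00\x01\x00\x00"
             b"\x00\x05\x00\xff\xff\xff"
             b"\x00\x00\x04\x08\x00\x00\x00\x00\x00\x7f\xff\x00\x00")
SAMPLE_H1 = b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n"


def parse_frames(data):
    """Split raw bytes into (type_name, flags, stream_id, payload) tuples."""
    frames, off = [], 0
    while off + 9 <= len(data):  # every frame starts with a 9-byte header
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated capture: stop at the last complete frame
        frames.append((FRAME_TYPES.get(ftype, hex(ftype)), flags, stream_id, payload))
        off += 9 + length
    return frames


def classify_reply(data):
    """Return 'http1', 'http2-cleartext' or 'unknown' for the start of a reply."""
    if data.startswith(b"HTTP/1."):
        return "http1"
    frames = parse_frames(data)
    if frames:
        name, flags, stream_id, payload = frames[0]
        # A server's first HTTP/2 frame is a non-ACK SETTINGS frame on stream 0
        # whose payload is a whole number of 6-byte (id, value) entries.
        if name == "SETTINGS" and stream_id == 0 and not flags & 0x1 and len(payload) % 6 == 0:
            return "http2-cleartext"
    return "unknown"


def decode_settings(payload):
    """Decode a SETTINGS payload into {setting_name: value}."""
    return {SETTING_NAMES.get(i, hex(i)): v for i, v in struct.iter_unpack(">HI", payload)}
```

A result of 'http2-cleartext' on port 80 points at the listener configuration rather than at tampered content; 'unknown' means the bytes need a closer look.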