enkr1

enkr1

Issue of SERVER ALERT: Fatal - No application protocol, SERVER ALERT: Fatal - No application protocol, etc

Hi community,

I had a server running a while ago and it stopped running suddenly. I observed the logs and suspected somebody is trying to brute force my site by accessing different common WordPress (or something else’s) routes:

===== ALIVE Mon Dec  5 18:59:26 UTC 2022

===== Mon Dec  5 19:09:52 UTC 2022
19:09:52.249 [info] Plug.SSL is redirecting GET /.env to https://mysite.com with status 301
19:09:52.611 [info] Plug.SSL is redirecting GET /conf/.env to https://mysite.com with status 301
19:09:52.960 [info] Plug.SSL is redirecting GET /wp-content/.env to https://mysite.com with status 301
19:09:53.331 [info] Plug.SSL is redirecting GET /wp-admin/.env to https://mysite.com with status 301
19:09:53.682 [info] Plug.SSL is redirecting GET /library/.env to https://mysite.com with status 301
19:09:54.056 [info] Plug.SSL is redirecting GET /new/.env to https://mysite.com with status 301
19:09:54.424 [info] Plug.SSL is redirecting GET /vendor/.env to https://mysite.com with status 301
19:09:54.777 [info] Plug.SSL is redirecting GET /old/.env to https://mysite.com with status 301
19:09:55.160 [info] Plug.SSL is redirecting GET /local/.env to https://mysite.com with status 301
19:09:55.540 [info] Plug.SSL is redirecting GET /api/.env to https://mysite.com with status 301
19:09:55.874 [info] Plug.SSL is redirecting GET /blog/.env to https://mysite.com with status 301
19:09:56.242 [info] Plug.SSL is redirecting GET /crm/.env to https://mysite.com with status 301
19:09:56.609 [info] Plug.SSL is redirecting GET /admin/.env to https://mysite.com with status 301
19:09:56.962 [info] Plug.SSL is redirecting GET /laravel/.env to https://mysite.com with status 301
19:09:57.311 [info] Plug.SSL is redirecting GET /app/.env to https://mysite.com with status 301
19:09:57.648 [info] Plug.SSL is redirecting GET /app/config/.env to https://mysite.com with status 301
19:09:58.003 [info] Plug.SSL is redirecting GET /apps/.env to https://mysite.com with status 301
19:09:58.381 [info] Plug.SSL is redirecting GET /audio/.env to https://mysite.com with status 301
19:09:58.728 [info] Plug.SSL is redirecting GET /cgi-bin/.env to https://mysite.com with status 301
19:09:59.079 [info] Plug.SSL is redirecting GET /backend/.env to https://mysite.com with status 301
19:09:59.455 [info] Plug.SSL is redirecting GET /src/.env to https://mysite.com with status 301
19:09:59.829 [info] Plug.SSL is redirecting GET /base/.env to https://mysite.com with status 301
19:10:00.186 [info] Plug.SSL is redirecting GET /core/.env to https://mysite.com with status 301
19:10:00.551 [info] Plug.SSL is redirecting GET /vendor/laravel/.env to https://mysite.com with status 301
19:10:00.891 [info] Plug.SSL is redirecting GET /storage/.env to https://mysite.com with status 301
19:10:01.234 [info] Plug.SSL is redirecting GET /protected/.env to https://mysite.com with status 301
19:10:01.562 [info] Plug.SSL is redirecting GET /newsite/.env to https://mysite.com with status 301
19:10:01.904 [info] Plug.SSL is redirecting GET /www/.env to https://mysite.com with status 301
19:10:02.263 [info] Plug.SSL is redirecting GET /sites/all/libraries/mailchimp/.env to https://mysite.com with status 301
19:10:02.607 [info] Plug.SSL is redirecting GET /database/.env to https://mysite.com with status 301
19:10:02.952 [info] Plug.SSL is redirecting GET /public/.env to https://mysite.com with status 301
19:10:03.352 [info] Plug.SSL is redirecting GET /ec2-18-142-114-116.ap-southeast-1.compute.amazonaws.com/.env to https://mysite.com with status 301
19:10:03.701 [info] Plug.SSL is redirecting POST / to https://mysite.com with status 307
19:10:04.047 [info] Plug.SSL is redirecting GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php to https://mysite.com with status 301
19:11:01.689 [notice] TLS :server: In state :hello at tls_handshake.erl:346 generated SERVER ALERT: Fatal - Insufficient Security
 - :no_suitable_ciphers
19:11:30.675 [info] Plug.SSL is redirecting GET /.env to https://mysite.com with status 301
19:11:31.519 [info] Plug.SSL is redirecting POST / to https://mysite.com with status 307
19:14:56.662 [info] Plug.SSL is redirecting GET / to https://mysite.com with status 301
19:14:56.725 [info] Plug.SSL is redirecting GET / to https://mysite.com with status 301
19:14:58.158 request_id=Fy37nzyNa_Qcb7QAASix [info] GET /
19:14:58.159 request_id=Fy37nzyNa_Qcb7QAASix [info] Sent 200 in 952µs
19:14:59.746 request_id=Fy37n5svCSUZSNUAASkB [info] GET /
19:14:59.746 request_id=Fy37n5svCSUZSNUAASkB [info] Sent 200 in 496µs

===== ALIVE Mon Dec  5 19:29:59 UTC 2022

===== Mon Dec  5 19:42:04 UTC 2022
19:42:04.508 [info] CONNECTED TO Phoenix.LiveView.Socket in 36µs
  Transport: :websocket
  Serializer: Phoenix.Socket.V2.JSONSerializer
  Parameters: %{"_csrf_token" => "LD8vAQUbQgAJJCkbXSBYLQx7W1s6QW58oyBDKoqo1WJphU7Uf3bowvCQ", "_mounts" => "11", "_timezone" => "Asia/Singapore", "_track_static" => %{"0" => "https://mysite.com/assets/app-6676b9997926b9d99094855080ac6f52.css?vsn=d", "1" => "https://mysite.com/assets/app-f7aa12f5be2e70bd89dc872c8be91fc8.js?vsn=d"}, "vsn" => "2.0.0"}
19:45:43.028 [info] Plug.SSL is redirecting GET /.env to https://mysite.com with status 301
19:45:43.550 [info] Plug.SSL is redirecting POST / to https://mysite.com with status 307
19:45:44.615 request_id=Fy39TSXxcXD4KfIAASmR [info] GET /.env
19:45:44.615 request_id=Fy39TSXxcXD4KfIAASmR [info] Sent 404 in 293µs
19:45:45.754 request_id=Fy39TWnTBiF_6BMAASnB [info] POST /
19:45:45.754 request_id=Fy39TWnTBiF_6BMAASnB [info] Sent 404 in 312µs

===== Mon Dec  5 19:56:59 UTC 2022
19:56:59.333 [info] Plug.SSL is redirecting POST / to https://mysite.com with status 307
19:56:59.814 [info] Plug.SSL is redirecting GET /.env to https://mysite.com with status 301
20:01:54.022 [info] Plug.SSL is redirecting GET / to https://mysite.com with status 301
20:01:54.752 request_id=Fy3-Lwaf8LFiPlIAASnx [info] GET /
20:01:54.752 request_id=Fy3-Lwaf8LFiPlIAASnx [info] Sent 200 in 506µs
20:01:55.574 [notice] TLS :server: In state :hello at tls_handshake.erl:364 generated SERVER ALERT: Fatal - Protocol Version

20:01:55.900 [notice] TLS :server: In state :hello at tls_handshake.erl:364 generated SERVER ALERT: Fatal - Protocol Version

20:01:56.238 [notice] TLS :server: In state :hello at tls_handshake.erl:364 generated SERVER ALERT: Fatal - Protocol Version

20:01:56.571 [notice] TLS :server: In state :hello at tls_record.erl:564 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 128}
20:01:58.052 [notice] TLS :server: In state :hello at tls_handshake.erl:346 generated SERVER ALERT: Fatal - Insufficient Security
 - :no_suitable_ciphers
20:01:58.881 [notice] TLS :server: In state :hello at tls_handshake.erl:346 generated SERVER ALERT: Fatal - Insufficient Security
 - :no_suitable_ciphers

I am here to ask for help on why a GET & POST would trigger such errors and why would it break the whole site (stopped completely).

Thank you so much in advance! :heart:

Best wishes,
Jing Hui PANG

Marked As Solved

milangupta

milangupta

For what it is worth ..

Locking down the server is critical .. the number of bots out there scanning and attempting brute-force attacks is astounding !!
There were a couple of key things I did to get my application to stay up :

  • front end firewall (only 443 exposed)
  • ufw on ubuntu (again only 443 exposed)
  • proper ssl cert installation - a good site to verify install - SSL Server Test (Powered by Qualys SSL Labs)
  • review your router.ex logic to ensure you are locked down (incl. serving static assets etc.)
  • use eg. paraxial.io to get the ability to review/block traffic via plugs (even though it is a bit too late, still will give you a control).
  • update to latest and greatest on ciphers / tls etc. My config if useful -

config :yourapp, yourappWeb.Endpoint,
  url: [host: "yoursite", port: 443],
  https: [
   port: 443,
   cipher_suite: :strong,
   otp_app: :meta,
   keyfile: "*** certificate files ***",
   certfile: "*** certificate files ***",
   cacertfile: "*** certificate files ***",
   honor_cipher_order: true,
   ciphers: [
    'TLS_AES_128_GCM_SHA256',
    'TLS_AES_256_GCM_SHA384',
    'TLS_CHACHA20_POLY1305_SHA256',
    'ECDHE-ECDSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES128-GCM-SHA256',
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'ECDHE-RSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-CHACHA20-POLY1305',
    'ECDHE-RSA-CHACHA20-POLY1305',
    'DHE-RSA-AES128-GCM-SHA256',
    'DHE-RSA-AES256-GCM-SHA384'
    ],
   eccs: [
    :x25519,
    :secp256r1,
    :secp384r1
    ],
   secure_renegotiate: true,
   reuse_sessions: true,
   versions: [:"tlsv1.3", :"tlsv1.2"]
  ],
  transport_options: [socket_opts: [:inet6]],
  force_ssl: [hsts: true],
  #force_ssl: [rewrite_on: [:x_forwarded_proto]],
  cache_static_manifest: "priv/static/cache_manifest.json",
  server: true,```

Also Liked

milangupta

milangupta

This is basically saying something is trying to connect to your ssl port using a protocol that isn’t configured. This isn’t a bad thing (in my humble opinion) as you should, ideally, be restricting/supporting only the latest TLS/Cipher suites.

Here is a good article I found .. https://www.baeldung.com/java-ssl-handshake-failures

BrightEyesDavid

BrightEyesDavid

If you don’t already have a reverse proxy/webserver between the internet and your app, you could try running Caddy, or Cloudflare, or both, in the hope that, when configured appropriately, they would prevent whatever request is causing your app trouble from getting to the app.

Caddy is very easy to set up and automatically handles SSL certificates.

milangupta

milangupta

There are still too many variables here and the scope of where the actual issue is, is very broad. I haven’t seen crashes like you are seeing (am running the latest elixir/phoenix stack on ubuntu).

My instincts are pointing me to the redirects .. eg. 301 is a permanent redirect .. but what is https://mysite.com ? This looks like a “default” that hasn’t been configured. You will need to go deep into SSL & DNS (as well as the Phoenix stack, i.e. configuration of your endpoint and router) to get to the bottom.

My recommendation is to keep simplifying your config until you stop seeing the issue. If you get really lucky, you will be able to recreate the crash on demand by injecting a http request to your endpoint. That would exponentially increase your chances of tracing/catching this gremlin.

Where Next?

Popular in Questions Top

baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
shahryarjb
Hello, I get Persian date from my client and convert it to normal calendar like this: def jalali_string_to_miladi_english_number(persi...
New
fireproofsocks
I’m working on defining a simple Ecto schema for a table (in PostGres), but I don’t see where I can define a column as NOT NULL. Conside...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
JulienCorb
I am trying to implement my new.html.eex file to create new posts on my website. new.html.eex: <h1>Create Post</h1> <%= ...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New

Other popular topics Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
fireproofsocks
Forgive me if this is obvious, but how does one delete a database record WITHOUT selecting it first? Ecto.Repo — Ecto v3.14.0 has exampl...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement