noisyscanner Posted February 2, 2010 Share Posted February 2, 2010 Hello! Sorry if this is real OBVIOUS (I'm new to rails) but.. On my website (noisyscripts.tk) when I access my Ruby on Rails application I get the 500 error before anything else. In my logs, they show this: /!\ FAILSAFE /!\ Mon Feb 01 11:59:47 -0800 2010 Status: 500 Internal Server Error IP spoofing attack?! HTTP_CLIENT_IP="82.26.173.10" HTTP_X_FORWARDED_FOR="82.26.173.10, 62.30.249.129" This happens when I access the app from a Virgin Media broadband connection. It also has a bunch of stuff like this: /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/request.rb:146:in `remote_ip' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:1223:in `request_origin' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:1150:in `log_processing' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:528:in `process_without_filters' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:569:in `process_without_session_management_support' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/session_management.rb:130:in `process' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/base.rb:389:in `process' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:149:in `handle_request' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:107:in `dispatch' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:104:in `synchronize' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:104:in `dispatch' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:120:in `dispatch_cgi' /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/dispatcher.rb:35:in `dispatch' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/rails.rb:76:in `process' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/rails.rb:74:in `synchronize' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/rails.rb:74:in `process' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:159:in `process_client' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:158:in `each' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:158:in `process_client' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:285:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:285:in `initialize' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:285:in `new' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:285:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:268:in `initialize' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:268:in `new' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel.rb:268:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/configurator.rb:282:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/configurator.rb:281:in `each' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/configurator.rb:281:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:128:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/../lib/mongrel/command.rb:212:in `run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:281 /usr/bin/mongrel_rails:19:in `load' /usr/bin/mongrel_rails:19 Apparantly there is a fix which involvs tweaking some code in the "/usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/request.rb" file. This disables the IP Spoof check. Or in the latest version of rails this bug has been fixed. If an admin could upgrade rails to the latest version or edit that file I would be really greatful. Thanks, Noisyscanner Link to comment Share on other sites More sharing options...
Wizard Posted February 2, 2010 Share Posted February 2, 2010 This support request is being escalated to our root admin. Provide your username next time. noisyscripts.tk Link to comment Share on other sites More sharing options...
noisyscanner Posted February 2, 2010 Author Share Posted February 2, 2010 Ok thanks my username is: brad291 Link to comment Share on other sites More sharing options...
Ashoat Posted February 2, 2010 Share Posted February 2, 2010 I'm pretty confident this isn't a bug with RoR. If it is, you should submit it the RoR folks. My guess is that you're running a buggy application. What are you trying to run? Link to comment Share on other sites More sharing options...
noisyscanner Posted February 2, 2010 Author Share Posted February 2, 2010 It can't be my application, all it is doing is doing is fetching some data from a database and printing it to the screen. This works fine through an online anonymous surfing site. I think the rails team actually confirmed this bug sometimes happens and released a fix in the latest version. PS if you were perhaps intereseted in the patch it is a short thing here http://s3.amazonaws.com/activereload-light...nDgazh1VztMM%3D Link to comment Share on other sites More sharing options...
Ashoat Posted February 2, 2010 Share Posted February 2, 2010 Unfortunately, I'm not comfortable patching the server-wide Rails libraries. Have the RoR developers pushed the fix? Link to comment Share on other sites More sharing options...
noisyscanner Posted February 2, 2010 Author Share Posted February 2, 2010 Link to comment Share on other sites More sharing options...
Ashoat Posted February 2, 2010 Share Posted February 2, 2010 Okay, I've updated to RoR 2.3.5. Link to comment Share on other sites More sharing options...
noisyscanner Posted February 3, 2010 Author Share Posted February 3, 2010 Thanks for updating that.. But cPanel doesn't seem to agree with it. 1) When you create an app it only creates a blank folder. 2) When you start and app it doesn't do anything. Would there be a reason why cPanel would do this? Link to comment Share on other sites More sharing options...
Ashoat Posted February 3, 2010 Share Posted February 3, 2010 Can you try that again? Link to comment Share on other sites More sharing options...
noisyscanner Posted February 4, 2010 Author Share Posted February 4, 2010 It's still acting the same, Djbob. Link to comment Share on other sites More sharing options...
Ashoat Posted February 6, 2010 Share Posted February 6, 2010 Okay, I have submitted a support ticket to the cPanel folks. We'll see if they can figure this out. Link to comment Share on other sites More sharing options...
kpd100 Posted February 9, 2010 Share Posted February 9, 2010 Okay, I've updated to RoR 2.3.5. Rails 2.3.5 requires RubyGems >= 1.3.2 (you have 1.2.0). Please `gem update --system` and try again. Link to comment Share on other sites More sharing options...
Ashoat Posted February 9, 2010 Share Posted February 9, 2010 If that were true, I would expect the installer to error out. Do you have any proof of this? Link to comment Share on other sites More sharing options...
Ashoat Posted February 10, 2010 Share Posted February 10, 2010 Okay, the cPanel folks are reporting that the issue is fixed. Link to comment Share on other sites More sharing options...
Recommended Posts