Mime::Type::InvalidMimeType - Is this a hacking attack?

Hello Everybody,

Should I do something with it? We get it probably 2 times a day. The addheader value is always different and random.

Thanks for your response 🙂

From logs:

INFO
Mime::Type::InvalidMimeType ("%{#context['com.opensymphony.xwork2.dispatcher.httpservletresponse'].addheader('lffk5fkc'" is not a valid MIME type)
lib/middleware/omniauth_bypass_middleware.rb:71:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:353:in `call'
config/initializers/008-rack-cors.rb:25:in `call'
config/initializers/100-quiet_logger.rb:23:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
lib/middleware/request_tracker.rb:177:in `call'
BACKTRACE
actionpack (6.0.3.5) lib/action_dispatch/http/mime_type.rb:235:in `initialize'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_type.rb:143:in `new'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_type.rb:143:in `lookup'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_negotiation.rb:23:in `block in content_mime_type'
rack (2.2.3) lib/rack/request.rb:69:in `fetch'
rack (2.2.3) lib/rack/request.rb:69:in `fetch_header'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_negotiation.rb:21:in `content_mime_type'
actionpack (6.0.3.5) lib/action_dispatch/http/request.rb:263:in `media_type'
actionpack (6.0.3.5) lib/action_dispatch/http/request.rb:348:in `form_data?'
rack (2.2.3) lib/rack/request.rb:445:in `POST'
actionpack (6.0.3.5) lib/action_dispatch/http/request.rb:390:in `block (2 levels) in POST'
actionpack (6.0.3.5) lib/action_dispatch/http/parameters.rb:106:in `parse_formatted_parameters'
actionpack (6.0.3.5) lib/action_dispatch/http/request.rb:389:in `block in POST'
rack (2.2.3) lib/rack/request.rb:69:in `fetch'
rack (2.2.3) lib/rack/request.rb:69:in `fetch_header'
actionpack (6.0.3.5) lib/action_dispatch/http/request.rb:388:in `POST'
actionpack (6.0.3.5) lib/action_dispatch/http/parameters.rb:55:in `parameters'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_negotiation.rb:66:in `block in formats'
rack (2.2.3) lib/rack/request.rb:69:in `fetch'
rack (2.2.3) lib/rack/request.rb:69:in `fetch_header'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_negotiation.rb:64:in `formats'
actionpack (6.0.3.5) lib/action_dispatch/http/mime_negotiation.rb:60:in `format'
actionpack (6.0.3.5) lib/action_dispatch/journey/route.rb:168:in `block in matches?'
actionpack (6.0.3.5) lib/action_dispatch/journey/route.rb:165:in `each'
actionpack (6.0.3.5) lib/action_dispatch/journey/route.rb:165:in `all?'
actionpack (6.0.3.5) lib/action_dispatch/journey/route.rb:165:in `matches?'
actionpack (6.0.3.5) lib/action_dispatch/journey/router.rb:148:in `block in match_routes'
actionpack (6.0.3.5) lib/action_dispatch/journey/router.rb:148:in `select'
actionpack (6.0.3.5) lib/action_dispatch/journey/router.rb:148:in `match_routes'
actionpack (6.0.3.5) lib/action_dispatch/journey/router.rb:116:in `find_routes'
actionpack (6.0.3.5) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.3.5) lib/action_dispatch/routing/route_set.rb:834:in `call'
lib/middleware/omniauth_bypass_middleware.rb:71:in `call'
rack (2.2.3) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.3) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.3) lib/rack/head.rb:12:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:353:in `call'
config/initializers/008-rack-cors.rb:25:in `call'
rack (2.2.3) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.3) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/cookies.rb:648:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.3.5) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.3.5) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
logster (2.9.6) lib/logster/middleware/reporter.rb:43:in `call'
railties (6.0.3.5) lib/rails/rack/logger.rb:37:in `call_app'
railties (6.0.3.5) lib/rails/rack/logger.rb:28:in `call'
config/initializers/100-quiet_logger.rb:23:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/request_id.rb:27:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
rack (2.2.3) lib/rack/method_override.rb:24:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/executor.rb:14:in `call'
rack (2.2.3) lib/rack/sendfile.rb:110:in `call'
actionpack (6.0.3.5) lib/action_dispatch/middleware/host_authorization.rb:76:in `call'
rack-mini-profiler (2.3.1) lib/mini_profiler/profiler.rb:248:in `call'
message_bus (3.3.4) lib/message_bus/rack/middleware.rb:61:in `call'
lib/middleware/request_tracker.rb:177:in `call'
railties (6.0.3.5) lib/rails/engine.rb:527:in `call'
railties (6.0.3.5) lib/rails/railtie.rb:190:in `public_send'
railties (6.0.3.5) lib/rails/railtie.rb:190:in `method_missing'
rack (2.2.3) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.3) lib/rack/urlmap.rb:58:in `each'
rack (2.2.3) lib/rack/urlmap.rb:58:in `call'
unicorn (6.0.0) lib/unicorn/http_server.rb:634:in `process_client'
unicorn (6.0.0) lib/unicorn/http_server.rb:732:in `worker_loop'
unicorn (6.0.0) lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn (6.0.0) lib/unicorn/http_server.rb:143:in `start'
unicorn (6.0.0) bin/unicorn:128:in `<top (required)>'
vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `load'
vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `<main>'

Yeah it is most likely a badly-behaved bot trying out different injection techniques.

I just checked our internal instance and it looks like we have /^Mime::Type::InvalidMimeType/ added as an ignore pattern in /logs/settings. Likely #pr-welcome if someone would like to try stopping this kind of log at the source.

3 Likes
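One way to stop this kind of log at the source, as an added example that is not Discourse's or Rails's own code: a Rack-style middleware that checks the Content-Type header against the RFC 6838 media-type grammar and answers 400 before the router ever tries to parse it. The class name `RejectInvalidContentType`, the callable logger, and the choice of a 400 response are assumptions made for illustration.

```ruby
# Added example (hypothetical middleware, not part of Discourse or Rails).
class RejectInvalidContentType
  # RFC 6838 restricted-name: starts with ALPHA/DIGIT, then a small symbol set.
  NAME = /[A-Za-z0-9][A-Za-z0-9!$&^_.+#-]*/
  MEDIA_TYPE = /\A#{NAME}\/#{NAME}\z/

  # logger is any callable taking a String (assumption for this sketch).
  def initialize(app, logger: nil)
    @app = app
    @logger = logger
  end

  def call(env)
    raw = env["CONTENT_TYPE"]
    return @app.call(env) if raw.nil? || raw.empty? || valid?(raw)

    # One short line instead of a backtrace; inspect escapes control
    # characters and the slice bounds the size of attacker-supplied text.
    @logger&.call("rejected Content-Type #{raw[0, 80].inspect} from #{env['REMOTE_ADDR']}")
    [400, { "Content-Type" => "text/plain" }, ["Invalid Content-Type header\n"]]
  end

  # Only the part before the first ";" is the media type; parameters such
  # as charset or boundary are left for the framework to parse.
  def valid?(raw)
    MEDIA_TYPE.match?(raw.split(";", 2).first.to_s.strip)
  end
end

# Constructed demo: a stand-in app, two ordinary requests, and the header
# value from the log above. 192.0.2.10 is a documentation address.
def demo_statuses
  log = []
  app = ->(_env) { [200, {}, ["ok"]] }
  mw = RejectInvalidContentType.new(app, logger: ->(msg) { log << msg })
  probe = "%{#context['com.opensymphony.xwork2.dispatcher.httpservletresponse'].addheader('lffk5fkc'"
  statuses = [
    "application/json; charset=utf-8",
    "multipart/form-data; boundary=----x",
    probe
  ].map { |ct| mw.call("CONTENT_TYPE" => ct, "REMOTE_ADDR" => "192.0.2.10").first }
  [statuses, log.size]
end

p demo_statuses if $PROGRAM_NAME == __FILE__
```

In a Rack stack this would sit ahead of the router, so the request never reaches MIME negotiation and the exception in the backtrace above is not raised.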

I'm also getting this log as well