[ZendTo] Chunk name missing or too long

Solodow, Damien dsolodow at gaylor.com
Thu Jul 9 16:18:54 BST 2020 

It was the same user, IP, etc.
Looks to be a single user thus far; using Firefox.
Found out about it because they hit me up to report that “shows an upload window, then kaput; no error messages”. Was only like a 60mb file they were trying to upload.

 ​
[Gaylor Electric logo]<https://gaylor.com/>
[Gaylor Electric Website]<https://gaylor.com/>
[Facebook]<https://www.facebook.com/gaylorelectric>
[Twitter]<https://www.twitter.com/gaylorelectric>
[LinkedIn]<https://www.linkedin.com/company/gaylor-inc-/>
Damien Solodow
IS System Administrator
Gaylor Electric, Inc.
5750 Castle Creek Pkwy N Drive, Suite 400
Indianapolis
,
IN
.
46250
O: 317.815.3103<tel:317.815.3103>
|
M: 317.506.8521<tel:317.506.8521>
317.759.0077 <https://help.gaylor.com/> emergency <https://help.gaylor.com/> IS support<https://help.gaylor.com/>

From: Jules <Jules at Zend.To>
Sent: Thursday, July 9, 2020 11:16 AM
To: ZendTo Users <zendto at zend.to>
Cc: Solodow, Damien <dsolodow at gaylor.com>
Subject: Re: [ZendTo] Chunk name missing or too long

Damien,

Does the log show if any of the errors have anything in common, at all?
Same user, same IP, same anything?
Are you still getting these errors?
If so, how often (compared with some indication of the traffic your ZendTo site usually gets)?

The "chunk name" is a random string created by the user's web browser. But I do sanity-check it thoroughly on the server.
So it may be nothing more than some "penetration tester" (to be polite) trying to use all sorts of other strings and disallowed characters in the "chunk name" in order to see if they can break it.

Because the chunked uploading is relatively new in ZendTo, there are probably all sorts of lovely people out there trying to see if they can do JavaScript injection, SQL injection, all sorts of unpleasant things by subverting the new feature.

If none of your users are complaining, and you only see these occasionally, then I wouldn't worry too much about this.

Cheers,
Jules.

On 09/07/2020 14:14, Solodow, Damien via ZendTo wrote:
Running 6.03-3 on Ubuntu 18.04 LTS
Seeing a few lines of “Error: Chunk name missing or too long” in the system log. Chunk size is set to the default 50mb, but I didn’t see anything in preferences.php about chunk name.

 ​
[Gaylor                                                            Electric logo]<https://gaylor.com/>
[Gaylor                                                            Electric                                                            Website]<https://gaylor.com/>
[Facebook]<https://www.facebook.com/gaylorelectric>
[Twitter]<https://www.twitter.com/gaylorelectric>
[LinkedIn]<https://www.linkedin.com/company/gaylor-inc-/>
Damien Solodow
IS System Administrator
Gaylor Electric, Inc.
5750 Castle Creek Pkwy N Drive, Suite 400
Indianapolis
,
IN
.
46250
O: 317.815.3103<tel:317.815.3103>
|
M: 317.506.8521<tel:317.506.8521>
317.759.0077 <https://help.gaylor.com/> emergency <https://help.gaylor.com/> IS support<https://help.gaylor.com/>




_______________________________________________

ZendTo mailing list

ZendTo at zend.to<mailto:ZendTo at zend.to>

http://jul.es/mailman/listinfo/zendto



Jules



--

Julian Field MEng CEng CITP MBCS MIEEE MACM



'The best and most beautiful things in life cannot be seen or even

 touched; they must be felt with the heart.' - Helen Keller



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 1014 bytes
Desc: image006.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5535 bytes
Desc: image001.png
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.jpg
Type: image/jpeg
Size: 1014 bytes
Desc: image007.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 713 bytes
Desc: image008.png
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 852 bytes
Desc: image009.png
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 774 bytes
Desc: image010.png
URL: <http://jul.es/pipermail/zendto/attachments/20200709/75b82b17/attachment-0007.png>

More information about the ZendTo mailing list