Cannot log in second time after fresh install v4.1.0 #17019
Comments
|
Hmmm restarting the docker container seemed to have resolved it. Strange. |
tsteur
added
the
answered
|
If your situation is like mine, it will happen again. I seem to run into this issue ever couple of weeks. Sure, restarting the docker container gets it going again, but it's not a fix. |
|
Yup, you're exactly right. Also, a new issue I have been having that is also solved by restarting it and probably related: if I am already logged in, then the main page just doesn't load entirely and is blank. It loads the navbar and left side, but not the main widgets. Settings page works fine. |
|
yup, this matches what I am experiencing. |
|
Some additional feedback. In the 'post logged in state' where the navigation portions of the page load, but the data/content portions don't, there is also JS errors being thrown on the console. In addition, when trying to log back in from this error state, a URL fragment is injected into the page, just after the BODY opening tag. It does this weather Remember is check or not |
|
This is happening very frequently. At this point I SSH in every time I need to access Matomo because I will probably need to restart it to access it or at some point while accessing it. Are there further steps we can take to debug? |
|
So... I appear to have fixed my instance while chasing down a different issue, it's a bit of a stretch but worth looking into.
my understanding is the kinsing malware deletes a bunch of temp files on start and this could be causing session corruption. Again, it's a stretch but it seems to be working here. |
|
Holy cow well this is a big deal. The only ports we have open are 22 (SSH w/ fail2ban & the Mozilla security spec) and 443 (Nginx running outside of Docker, fully patched). All other ports blocked with UFW. The good thing is that the malware appears to be contained within the Matomo docker container. I am suspicious that the container may have shipped with it, but that seems unlikely. |
|
Aha. UFW + Docker was the problem. Luckily this server was not in production yet, so I can wipe it and start over to be sure. |
|
So this appears to be the culprit?
Would be helpful for other if you elaborate on this a bit more. |
|
Both Docker and UFW use iptables to manage traffic. However, Docker does not follow the rules set by UFW. So closing ports with UFW won't actually affect Docker. There isn't really an official solution to this problem. There are some workarounds, but they all have their issues (no internet in containers, no IPv6, etc.). My solution is to ensure that nothing is listening on 0.0.0.0 from Docker, but this is annoying nonetheless. |
|
did find evidence of the malware? |
|
Yup, it was contained in the Matomo container (Docker did its job), but I am going to wipe the machine anyway. |
I have newly installed Matomo via docker with FPM and Nginx. I was able to log in after setting it up and everything worked fine, but upon attempting to login the next day I see this error:
And in the Nginx logs I see:
If I check the "Remember Me" box and login, then I see:
And in Nginx:
This is the latest Matomo v4.1.0. Matomo/PHP/FPM and MariaDB are in Docker, Nginx is running directly on Debian 10.
The text was updated successfully, but these errors were encountered: