Closed luckydonald closed 6 months ago
Seems to be mariadb upgraded but not the schema (???), and causing a lot of fails:
anonaddy_db | 2022-06-07 20:24:00 283 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB').
anonaddy_db | 2022-06-07 20:24:00 283 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255).
Which is weird, as I did not upgrade mariadb recently.
Oh sorry @willbrowningme. Thought it was a software issue at first.
Well, it was not.
Your DB might have been publicly exposed because of bad configuration in your stack I assume. What does your compose configuration look like? DB is not exposed in our examples: https://github.com/anonaddy/docker/blob/fd6c9fba9578499f7704047d628c59556d9dcbc7/examples/compose/compose.yml#L4-L18
The compose file uses the provided example.
.env
MYSQL_USER=luckydonald
MYSQL_PASSWORD=2346ljkdfjsdfgj32409#1215t24399DHKZ45z9bdß043tkldvsvbjn4btn-asdfag,sf342659023
All I added was a phpmyadmin container, adding the service as in their example compose.
I would log in with the user luckydonald and the secure password 2346ljkdfjsdfgj32409#1215t24399DHKZ45z9bdß043tkldvsvbjn4btn-asdfag,sf342659023 there.
All I added was a phpmyadmin container
Not sure if you don't share your compose file and we also don't have anything like this in our examples. If you expose your phpmyadmin instance publicly with the internal db exposed through it then it's probably why your db got hacked.
Closing as this is not reproducible with our examples.
I don't understand why you deliberately want the root user to have the very insecure password "" without documenting that...
then it's probably why your db got hacked.
It didn't get hacked, someone used the default password you set to "root" with the password "".
I don't understand why you deliberately want the root user to have the very insecure password "" without documenting that...
What is provided in https://github.com/anonaddy/docker/tree/master/examples are just examples to have an anonaddy compose stack running. Up to anyone to tweak it based on their needs but setting root password in our examples is not needed as the db is only exposed to the app. You can either use https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/#mariadb_random_root_password-mysql_random_root_password or https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/#mariadb_root_password_hash-mariadb_root_password-mysql_root_password if you need to in your case.
I would not mind if we set MARIADB_RANDOM_ROOT_PASSWORD=yes in our examples instead.
That's a good solution. Thanks.
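One way to check a stack for the situation discussed in this thread, as an added example (not code from the anonaddy/docker project): it reads the JSON printed by `docker compose config --format json` and flags a MariaDB/MySQL service whose root account is initialised with an empty password, together with any published port on the database itself or on a web admin container beside it. The sample stack, the `ADMIN_IMAGES` list and the function names are constructed for illustration.

```python
import json

# Root-password variables of the official MariaDB image (MYSQL_* are legacy aliases).
PASSWORD_VARS = ("MARIADB_ROOT_PASSWORD", "MYSQL_ROOT_PASSWORD", "MARIADB_ROOT_PASSWORD_HASH")
RANDOM_VARS = ("MARIADB_RANDOM_ROOT_PASSWORD", "MYSQL_RANDOM_ROOT_PASSWORD")
EMPTY_VARS = ("MARIADB_ALLOW_EMPTY_ROOT_PASSWORD", "MYSQL_ALLOW_EMPTY_PASSWORD")
DB_IMAGES = ("mariadb", "mysql")
ADMIN_IMAGES = ("phpmyadmin", "adminer")  # assumption: web DB front ends to look for

def image_name(service):
    """Repository name without registry path, digest or tag, e.g. 'mariadb'."""
    return service.get("image", "").split("/")[-1].split("@")[0].split(":")[0]

def root_posture(env):
    """Classify root initialisation; the image treats any non-empty value as 'on'."""
    def is_set(names):
        return any(env.get(n) for n in names)
    if is_set(RANDOM_VARS):
        return "random"
    if is_set(PASSWORD_VARS):
        return "set"
    return "empty" if is_set(EMPTY_VARS) else "unset"

def audit(compose_json):
    """Findings for the JSON printed by `docker compose config --format json`."""
    services = json.loads(compose_json).get("services", {})
    findings = []
    for name, svc in services.items():
        if image_name(svc) not in DB_IMAGES:
            continue
        if root_posture(svc.get("environment") or {}) != "empty":
            continue
        findings.append(f"{name}: root is initialised with an empty password")
        for other, osvc in services.items():
            exposes = other == name or image_name(osvc) in ADMIN_IMAGES
            if exposes and osvc.get("ports"):
                findings.append(f"{name}: exposed through published ports of '{other}'")
    return findings

def sample(db_env):
    """Constructed stack: a MariaDB service plus a phpMyAdmin container with a port."""
    return json.dumps({"services": {
        "db": {"image": "mariadb:lts", "environment": db_env},
        "phpmyadmin": {"image": "phpmyadmin:latest",
                       "ports": [{"target": 80, "published": "8080"}]},
    }})

if __name__ == "__main__":
    for line in audit(sample({"MYSQL_ALLOW_EMPTY_PASSWORD": "yes", "MYSQL_USER": None})):
        print(line)
```

The image reads these variables only when it initialises an empty data directory, so switching an existing stack to `MARIADB_RANDOM_ROOT_PASSWORD=yes` does not change the root password already stored in the volume; that has to be changed in SQL.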
I'm unable to login to my selfhosted instance. Emails are not redirected either. v1.1.0
Don't know what could have changed. I'm seeing no log output on the php docker.