Zip bomb?

dorucrisan

dorucrisan

Verified User
Joined
Oct 23, 2021
Messages
172
Location
Bucharest / Romania
We are running some web shops, based on Prestashop platform. Zip and unzip of public_html directory from within DA File Manager is common practise. It always worked. Now, I created the zip file, but I cannot unzip, I get the error below, something about some zip bomb. I don't even know what is that. Store is running OK, no anomalies. I tried to unzip the archive on 3 different servers, with Intel or AMD CPU's. None works. Any ideea what might be and how can I instruct DA to unzip? Thanks,

1749619731444.jpeg
 
dorucrisan said:
I don't even know what is that.
Click to expand...
It's a malicous archive ment to overload the pc/server unpacking it during unpacking. It's also called decompression bomb.
I would most certainly not try to unpack this on a live production machine.

What you could do best is to copy the file to another machine, like your own pc or better test pc and try to unzip there.
If you have a Linux machine at home, don't use any tools, just use the unzip command.

However, I would advise against it, use at your own risk.

Best is to delete the file and find out how it got in there. Might be a leak in Prestashop, wouldn't be the first time.
 
Richard G said:
It's a malicous archive ment to overload the pc/server unpacking it during unpacking. It's also called decompression bomb.
I would most certainly not try to unpack this on a live production machine.

What you could do best is to copy the file to another machine, like your own pc or better test pc and try to unzip there.
If you have a Linux machine at home, don't use any tools, just use the unzip command.

However, I would advise against it, use at your own risk.

Best is to delete the file and find out how it got in there. Might be a leak in Prestashop, wouldn't be the first time.
Click to expand...
Thanks for the reply but that is my zip file, created from within DA, from working shop on working server. It is nothing malicious It just refuse to unzip..
 
Somethings must went wrong with zipping then.
Still... I would try to copy it to the pc and look if you can unzip it then with 7zip or something. Or install Winrar and you can also test zipfiles with that.
 
Richard G said:
Somethings must went wrong with zipping then.
Still... I would try to copy it to the pc and look if you can unzip it then with 7zip or something. Or install Winrar and you can also test zipfiles with that.
Click to expand...
Thanks, I will try to copy the files as they are and then try to zip and unzip on PC. Will also try to unzio as you say, thanks again.
 
I made dozens of tests on 3 different servers, all running Alma8+DA. Result is that if I make a zip of ANY public_html and try to unzip using DA File manager, it does not work. Same zip bomb error message. This is something I do for years, hundreds times with exactly same folders. The exactly same folder/files can be zipped/unzipped locally with no problem, I used Total Commander for that. I even tried on a remote VPS running Alma9+DA. Same result. Please can anyone trobleshoot and find a fix, even for a fee? It must be a change either in DA or Alma Linux due to some update, I don't know. It worked OK for years, now it does not work. I am thinking to install again CPanel after 5 years or so but I'd prefer to avoid, have working DA licences now.
I also checked the internet, some others have the same issue, it is a false positive, it is related with the size and the zip[ version, my archives are like 20G. Please any way to force DA File Manager unzip without zip bomb detection?
Thanks,
1749881982775.png
 
Last edited:
Update: I assume what is happening is due to recent update either in DA or Alma, it worked for years. I got a CPanel VPS with Alma9, just for test. Same problem there. Must be something related with Alma 8 and 9. Will test with Cloud Linux. Does not seem to be related to DA. Anyway, anybody knows how I can make EXTRACT to work in DA File Manager? Also I have to mention that RESTORE worked just fine on exact same machine from earlier date archive of same dimension (17-20G file).
 
Last edited:
UPDATE 2: IT IS A BUG IN DIRECT ADMIN ZIP
Problem is not extract/unzip, problem is compressing. Direct Admin has recently got some bug preventing to zip correctly big archives, like 15-20G. Done lots of tests, many servers, on Alma8, Alma9, Cloud Linux, all with DA and/or CPanel. They all behave the same. New big archives made from File Manager in Direct Admin recently, do not unzip. You get zipbomb message error as above on all/any machine or software combination. Older archives done exactly same way, of same files/folders., works/unzip OK in any configuration.
Please anybody can solve the bug in Direct Admin? I don't want to get back to CPanel after 5 years. Got a Cpanel/WHM VPS, it changed a lot, I am not even familiar with it anymore. If somebody working for DA needs proof I can pass credentials of a server but it does the same on all my DA servers. What I do is to compress public_html of a web shop in File Manager, result is 15-20G archive. Small archives, like 3-5G seems to work. Please help. I need to do zip/unzip on daily basis. Thanks.
 

@sewiti:​

Yes of course, I will do that, also I can pass you the credentials of one of the servers, bug is confirmed, they all do that, I have multiple metal servers in the location and 2 VPS hosted at Contabo/Germany, one is DA, one CP for tests. They all do that (unzip with error recent DA made archives). Problem is zipping not unzipping and only occured days ago and is still present. Big (15-20G) archives crash when extracting with zipbomb message as below. Older archives, same sites and same files, same dimension, unzip just fine. There is a problem in current DA version, File Manager section, when "compress and download". Compression seems to end correctly, but when extracting the created archive, cause zipbomb crush regardless the machine, OS (Alma, Cloud) or panel DA, CP.

1749966171681.jpeg


Your Ticket has been created.

Ticket #65309
 
Last edited:
UNBELIEVABLE.
I opened a ticket on that matter and support was refused as I am not entitled to support. I have 4 licenses, one old lifetime purchased years ago when it was available and 3 recent yearly licenses.
I am reporting a bug in the product, not asking any kind of personal support.
DA is not making correct archives for several days if resulted files are big (15-20G), maybe due to an update. Problem is on ALL my DA servers.
Looks like I will need to go back to CP as they have instant support. Already got a CPanel VPS at Contabo, it does not have any issue. CP is expensive though for "metal" servers, that is why I stick with DA. Also, DA looked to be faster than CP.
Please If anyone can confirm my problem, you can download a fresh archive, made 30 min ago, here:


Just try to unzip in File Manager /EXTRACT, see what you get. Must look like a list of folders with some files below, but files does not show, only the folders. There must be more files, it is only a crop but you won't get any files extracted, only the folders and zipbomb error message.

1749971399982.png
 
Last edited:
Richard G said:
Somethings must went wrong with zipping then.
Still... I would try to copy it to the pc and look if you can unzip it then with 7zip or something. Or install Winrar and you can also test zipfiles with that.
Click to expand...
Yes right, turned out that is zipping not unzipping problem. I get same error an any machine, OS or panel when unzipping recent (days) archived made with DA/Compress in File Manager. Older archives all works.
 
Last edited:
dorucrisan said:
and 3 recent yearly licenses.
Click to expand...
What are those? Because yearly licenses do not exist on modern license system and I can't remember them ever existing.

I'm sorry I can't help you further either. Seems it's some new thing in the OS which takes care of detecting zip bombs. I read a lot about it, even from bigger zip files downloaded from dropbox giving the same notice on linux when trying to unzip.

The only thing I could find is to use an environment variable:
Code: 
UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE

You could test if this works (use at own risk):
Code: 
jar xf your_file.zip

If zipping is creating a corruption when packing, you could try unzipping like this:
zip -FF filename1.zip --out filename2.zip -fz
and then unzip with:
unzip filename2.zip

If that works, then it looks like zips are corrupted during packing. If not, then it's the OS using the zip bomb detection.

I never have this issue as I always use .tar.gz (now .zst sometimes) and tar.gz can also be unpacked with winrar or 7zip.
 
Richard G said:
What are those? Because yearly licenses do not exist on modern license system and I can't remember them ever existing.

I'm sorry I can't help you further either. Seems it's some new thing in the OS which takes care of detecting zip bombs. I read a lot about it, even from bigger zip files downloaded from dropbox giving the same notice on linux when trying to unzip.

The only thing I could find is to use an environment variable:
Code: 
UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE

You could test if this works (use at own risk):
Code: 
jar xf your_file.zip

If zipping is creating a corruption when packing, you could try unzipping like this:
zip -FF filename1.zip --out filename2.zip -fz
and then unzip with:
unzip filename2.zip

If that works, then it looks like zips are corrupted during packing. If not, then it's the OS using the zip bomb detection.

I never have this issue as I always use .tar.gz (now .zst sometimes) and tar.gz can also be unpacked with winrar or 7zip.
Click to expand...
Hello Richard,
Thanks for the reply.
Re: Yearly licenses:
This is from my account, I have 3 of those:
1749999705078.png

Re: zip/unzip:
I always used it from inside the file manager, used to work in DA now it does not work for several days.
 
dorucrisan said:
Re: Yearly licenses:
Click to expand...
Ah sorry my fault, I thought you ment full licenses.
But these personal also were stopped being sold several years ago and became legacy.
No support indeed.
Thanks for clarifying, totally forgot about those, lol. :D

If the issue is happening on multiple servers then I wonder. Maybe @sewiti can tell is if this can be a DA bug since it's only happening since several days (maybe since DA update) and happening on multiple servers?

DA should be able to test something like this with big zipfils on one of their test systems.
 
Richard G said:
Ah sorry my fault, I thought you ment full licenses.
But these personal also were stopped being sold several years ago and became legacy.
No support indeed.
Thanks for clarifying, totally forgot about those, lol. :D

If the issue is happening on multiple servers then I wonder. Maybe @sewiti can tell is if this can be a DA bug since it's only happening since several days (maybe since DA update) and happening on multiple servers?

DA should be able to test something like this with big zipfils on one of their test systems.
Click to expand...
I sent them the credentials of one server, they are checking, but is same situation on all. Looks like a force update of DA is needed, also a file uploaded to unzip folder. This makes the trick but does not solve the problem, it should work easy as before.
 
I might have missed this reading the thread, but have you tried unzipping via bash on the affected servers?

NB. I don't use the File Manager at all, so not sure how it works these days.
 
LawsHosting said:
I might have missed this reading the thread, but have you tried unzipping via bash on the affected servers?

NB. I don't use the File Manager at all, so not sure how it works these days.
Click to expand...
I only use file manager and want it to work as before, with compress/extract workable functions. These days does not work.
 
You must log in or register to reply here.
Back
Top