
Very Weird Errors in Security.php

Started by br360, October 31, 2013, 09:56:20 PM


br360

It looks like I am having the same issue as this other member here- http://www.simplemachines.org/community/index.php?topic=513216.0

Out of the blue and in like a 2 minute span, I received countless errors (actually the time stamp on just about all of them was exactly the same time, down to the second).

The General error is: (69 errors)

Guest

URLxxxx/index.php?action=loginApply
2: in_array() expects parameter 2 to be array, null given
File: /home/content/xx/xxxxx/html/Sources/Security.php
Line: 831

and the same error for line 834

Undefined: (104 errors)

Guest

xxxx/index.php?action=loginApply
8: Undefined index: permissions
File: /home/content/xx/xxxxx/html/Sources/Security.php
Line: 831
   
and a few critical errors saying that they have reached the too many login chances.

Like in the other thread, all it says is guest with no ip address. I don't have the email mod installed like he did, I haven't installed any mods in months, and my version is 2.0.6

The security.php errors are obviously concerning to me. Anyone have any idea what these errors are, and just how concerned should I be?

Arantor

Exactly as I said to the other guy: you have a mod that's calling for a permission check before the permissions are actually loaded.

br360

Ok. I am happy to post my mods if it helps, but is this a potentially serious issue, or just what they are trying to do, but are getting blocked because they don't have the permission?


I also just noticed two more errors they were generating in subs.php-


httpmysite.com/index.php?action=login
Filter: Invalid argument supplied for foreach()
File: /home/content/xx/xxxx/html/Sources/Load.php
Line: 1579

mysite.com/index.php?action=login
Filter: 2: implode() [<a href='function.implode'>function.implode</a>]: Invalid arguments passed
File: /home/content/xx/xxxxx/html/Sources/Subs.php
Line: 3959

Those two don't appear to be permission based but obviously every error is based on them trying an action=login.

Arantor

Well, it should still be returning false (no permission available) so I don't think it's *serious* but it is an issue that should be looked at.

The others would depend on what they're trying to do on those lines. What's on those lines?

br360

1565:
1566: // And just a few mod settings :).
1567: $modSettings['smileys_url'] = strtr($modSettings['smileys_url'], array($oldurl => $boardurl));
1568: $modSettings['avatar_url'] = strtr($modSettings['avatar_url'], array($oldurl => $boardurl));
1569:
1570: // Clean up after loadBoard().
1571: if (isset($board_info['moderators']))
1572: {
1573: foreach ($board_info['moderators'] as $k => $dummy)
1574: {
1575: $board_info['moderators'][$k]['href'] = strtr($dummy['href'], array($oldurl => $boardurl));
1576: $board_info['moderators'][$k]['link'] = strtr($dummy['link'], array('"' . $oldurl => '"' . $boardurl));
1577: }
1578: }
==>1579: foreach ($context['linktree'] as $k => $dummy)
1580: $context['linktree'][$k]['url'] = strtr($dummy['url'], array($oldurl => $boardurl));


3958: // All the buttons we can possible want and then some, try pulling the final list of buttons from cache first.
==>3959: if (($menu_buttons = cache_get_data('menu_buttons-' . implode('_', $user_info['groups']) . '-' . $user_info['language'] . '-' . empty($context['disable_sp']), $cacheTime)) === null || time() - $cacheTime <= $modSettings['settings_updated'])
3960: {
3961: $buttons = array(
3962: 'home' => array(
3963: 'title' => $txt['home'],
3964: 'href' => $modSettings['sp_portal_mode'] == 3 && empty($context['disable_sp']) ? $modSettings['sp_standalone_url'] : $scripturl,
3965: 'show' => true,
3966: 'sub_buttons' => array(
3967: ),
3968: 'is_last' => $context['right_to_left'],


and a couple of others in subs.php:


3285: // Figure out how long they've been logged in.
3286: $context['user']['total_time_logged_in'] = array(
3287: 'days' => floor($user_info['total_time_logged_in'] / 86400),
3288: 'hours' => floor(($user_info['total_time_logged_in'] % 86400) / 3600),
==>3289: 'minutes' => floor(($user_info['total_time_logged_in'] % 3600) / 60)


751: // Offset the time.
752: if (!$offset_type)
==>753: $time = $log_time + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
754: // Just the forum offset?



Arantor

Yeah you got something screwing around trying to run code before the user has properly been loaded, i.e. a badly written mod or two.

br360

Me being more or less a novice still, any ideas? Obviously look at my mods installed, but not exactly sure what I would be looking for.

edit-Just looked at all of my files, and the only things changed with today's date on it are the attachments and the cache. Just looked through both and didn't see anything out of the ordinary.

Arantor

That's the thing, off hand neither have I. If I had an idea what you had, I might be able to narrow it down.

br360

ok, here is a list of my installed mods if it helps at all-

1. Vimeo_bbc_code_Mod    1.0     
2. SimpleColorizer    1.1     
3. Disable 'last edit by...' for Administrators    1.9     
4. nneonneo's AJAX ShoutBox    1.22     
5. Add Join Date to Post    1.0     
6. PM Readed    1.1     
7. Remove "Last edit" mod    0.2     
8. Board Sort Methods    RC3.o     
9. BK-SMF Sub-Board    1.5     
10. SMF Theme Changer    1.0.1     
11.   Admin Toolbox    1.0     
12.   Random Banner (Above Forum)   0.6   
13.   SMF 2.0.3 Update    1.0     
14.   Referrals System    3.0.3     
15.   Ohara YouTube Embed    1.0     
16.   Page Management    1.4   
17.   Tidy Child Boards    1.4     
18.   Hide Ignored Boards    1.1     
19.   Remove XHTML, RSS & WAP2 Links in Footer    v1.1     
20.   Next Post Level    1.3.3     
21.   SMF 2.0.4 Update    1.0     
22.   Search Focus Dropdown    1.6.1     
23.   Age And Location    1.0     
24.   Adk Personal Icon forums    1.0     
25.   Group Online Status    1.0     
26.   6 Custom buttons / tabs with Sub Menus (4)    0.5     
27.   SimpleAds    1.0.1     
28.   SMF 2.0.5 Update    1.0     
29.   Alternate User Posting    1.0.1     
30.   BK-SMF Favicon and Custom Global HTML    1.0
31.   SMF 1.1.19 / 2.0.6 Update    1.0

Arantor

Hmm, nothing there strikes me as being a likely candidate :(

br360

Yeah me either. I just went through every one of those mods that had a subs.php file edit, and nothing looked even remotely connected.

I haven't seen any errors in the last 3 1/2 hours, and like I said earlier; haven't seen any changes in any files, so who knows.

I value your knowledge and opinion here, so any other recommendations or things I should be worried about?

Arantor

It's not going to be a Subs.php edit, that's totally irrelevant.

The point is something is querying $user_info stuff before it even exists.

br360

Forgive my ignorance, but although I kind of see what you are talking about, I'm not really all that sure. Does this mean that someone/thing has hacked my site, or is attempting to hack it? Is this just a script that they are trying to inject but failing to do so?

If not subs.php, where do you suggest I start looking?

Arantor

Well, during startup, SMF identifies the current user from the provided cookies and then proceeds to load their details and their permissions. All this stuff is loaded into $user_info.

Something on your site, which could be a bad mod, is trying to look at $user_info before its contents are properly defined.

Is it a hack? Sure, it's possible though unlikely. Is it a script trying to inject? Sure, it's possible though unlikely.

There's at least 10 files to be looking at, which are the standard loaded core files (index.php, Settings.php, Errors.php, Load.php, Subs.php, Security.php, QueryString.php, index.language.php, Modifications.language.php, index.template.php), plus anything loaded via hooks, plus anything for the specific action in question (e.g. in your examples, LogInOut.php for action=login, plus its language file, plus any template it loads)

br360

Ok. Thanks for that. I'll start looking through the core files, and see if I notice anything wonky.

Angelina Belle

Any luck?

Have you tried disabling or uninstalling any of your mods, to identify any that make the problem go away when they are gone?
Never attribute to malice that which is adequately explained by stupidity. -- Hanlon's Razor

br360

No, not really. I looked through the files Arantor suggested, but with my limited coding abilities, didn't really notice anything out of the ordinary.

I'm really not sure if disabling any mods would help track down the issue all that much because in the 2 plus years my site has been up, this has only happened twice- the time when I started the thread, and another time a couple of weeks later. (mostly the exact same errors, and all coming from "guest" with no ip address at all)



Arantor

What we really need is some way to get more thorough debugging information into the log to trace it properly.

I should add that in 2.1.
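
The situation discussed in this thread, as an added PHP sketch that is not part of the original posts and is not SMF's own code: a permission check that is called before `$user_info['permissions']` has been loaded denies access and records the call chain, so the code that ran too early can be identified from the log. The function names, `$trace_log` and the sample permission string are assumptions made for the illustration.

```php
<?php
// Added illustration. All names here are hypothetical stand-ins, not SMF code.
$user_info = array();   // startup has not loaded the user or permissions yet
$trace_log = array();   // stand-in for the forum error log

// Permission check that tolerates being called before the user is loaded.
function checked_allowed_to($permission)
{
    global $user_info, $trace_log;

    if (!isset($user_info['permissions']) || !is_array($user_info['permissions']))
    {
        // Record who asked before permissions existed: file, line and function.
        $frames = array();
        foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 5) as $f)
            $frames[] = (isset($f['file']) ? basename($f['file']) : '?') . ':'
                . (isset($f['line']) ? $f['line'] : '?') . ' ' . $f['function'] . '()';

        $trace_log[] = 'early permission check "' . $permission . '" via '
            . implode(' <- ', $frames);

        // Fail closed: no loaded permissions means no access.
        return false;
    }

    return in_array($permission, $user_info['permissions'], true);
}

// Hypothetical mod code that runs before the user has been loaded.
function badly_ordered_mod_hook()
{
    return checked_allowed_to('admin_forum');
}

// 1. Called too early: access is denied and the call chain is logged.
var_dump(badly_ordered_mod_hook());

// 2. After startup a guest has an empty permission list: denied, nothing logged.
$user_info['permissions'] = array();
var_dump(checked_allowed_to('admin_forum'));

// 3. A user whose loaded permissions include the one requested: allowed.
$user_info['permissions'] = array('admin_forum');
var_dump(checked_allowed_to('admin_forum'));

// The single log entry names the hook that ran before the user was loaded.
print_r($trace_log);
```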

iain sherriff

Has there been any development that can trace debugging relating to this
http://www.simplemachines.org/community/index.php?topic=538016.msg3831081#msg3831081
I'm getting similar errors at random now
SMF 2.0.12

Steve

Seriously? Another thread hijack? And a 2 year old one at that? If you post in your own active thread again, linking to this or any other thread you want to, it will bring your problem back to the support staff's attention. :)
DO NOT pm me for support!
