Hi, today I saw in logs this:
http://szynszyle.info/forum/index.php?action=post;board=10.0+%5BPLM=0%5D%5BR%5D+GET+http://szynszyle.info/forum/index.php?action=register+%5B0,15253,15932%5D+-%3E+%5BR%5D+POST+http://szynszyle.info/forum/index.php?action=register+%5B0,21501,7784%5D+-%3E+%5BR%5D+POST+http://szynszyle.info/forum/index.php?action=register2+%5B0,0,12314%5D+-%3E+%5BL%5D+GET+http://szynszyle.info/forum/index.php?action=login+%5B0,5886,9549%5D+-%3E+%5BL%5D+POST+http://szynszyle.info/forum/index.php?action=login2+%5B18440,0,9616%5D+-%3E+%5BN%5D+GET+http://szynszyle.info/forum/index.php?PHPSESSID=cc9a42fd87280fd19eefd4c85eb65c63&board=10.0+%5B0,0,56724%5D+-%3E+%5BN%5D+GET+http://szynszyle.info/forum/index.php?action=post;board=10.0+%5B0,82441,2850%5D+-%3E+%5BN%5D+POST+http://szynszyle.info/forum/index.php?action=post2;start=0;board=10+%5B0,0,93864%5D+Result:+using+proxy+221.130.199.121:80;+chosen+nickname+%22jaeo%22;+captcha+recognized;+success;+BB-code+not+working;2: session_start() [<a href='function.session-start'>function.session-start</a>]: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
File: /public_html/forum/Sources/Load.php
Line: 2402
Here's part of Load.php:
2382: }
2383:
2384: // Use database sessions? (they don't work in 4.1.x!)
2385: if (!empty($modSettings['databaseSession_enable']) && @version_compare(PHP_VERSION, '4.2.0') != -1)
2386: {
2387: session_set_save_handler('sessionOpen', 'sessionClose', 'sessionRead', 'sessionWrite', 'sessionDestroy', 'sessionGC');
2388: @ini_set('session.gc_probability', '1');
2389: }
2390: elseif (@ini_get('session.gc_maxlifetime') <= 1440 && !empty($modSettings['databaseSession_lifetime']))
2391: @ini_set('session.gc_maxlifetime', max($modSettings['databaseSession_lifetime'], 60));
2392:
2393: // Use cache setting sessions?
2394: if (empty($modSettings['databaseSession_enable']) && !empty($modSettings['cache_enable']) && php_sapi_name() != 'cli')
2395: {
2396: if (function_exists('mmcache_set_session_handlers'))
2397: mmcache_set_session_handlers();
2398: elseif (function_exists('eaccelerator_set_session_handlers'))
2399: eaccelerator_set_session_handlers();
2400: }
2401:
==>2402: session_start();
2403:
2404: // Change it so the cache settings are a little looser than default.
2405: if (!empty($modSettings['databaseSession_loose']))
2406: header('Cache-Control: private');
2407: }
2408:
2409: // While PHP 4.1.x should use $_SESSION, it seems to need this to do it right.
2410: if (@version_compare(PHP_VERSION, '4.2.0') == -1)
2411: $HTTP_SESSION_VARS['php_412_bugfix'] = true;
2412:
2413: // Set the randomly generated code.
2414: if (!isset($_SESSION['session_var']))
2415: {
2416: $_SESSION['session_value'] = md5(session_id() . mt_rand());
2417: $_SESSION['session_var'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
2418: }
2419: $sc = $_SESSION['session_value'];
2420: }
2421:
2422: function sessionOpen($save_path, $session_name)
Forum version: 2.0.4
Installed mods:
SimplePortal 2.3.5,
Stop Forum Spam 1.0,
notCaptcha 1.06.
Board with ID 10 is board where guests can post new topics and reply to other topics.
What can cause this errors?
What log is that exactly?
SMF Error log
That smells like a hack attempt. I don't think there's actually anything you can directly do about it - but I don't know why the guest user session isn't being properly validated elsewhere. (2.0.3 did change that, but it still should be validating it against the list of characters referred to)