Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: Jeff B on September 25, 2018, 09:16:09 AM

Title: Suspicious error email
Post by: Jeff B on September 25, 2018, 09:16:09 AM
Yesterday an email was somehow generated to all of our forum admins.

The following error occurred when processing a paid subscription
---------------------------------------------------------------
Paid subscription handler could not recover member ID


We do not use the paid subscription function, although I had looked at it certainly over a year ago and set up a test subscription, but never added a member to it or anything. I did delete the test and disabled the function under core features.

How might this happen? I want to be sure nothing nefarious is going on.
Title: Re: Suspicious error email
Post by: Looking on September 25, 2018, 09:19:44 AM
You have more than 1 forum admin? That in itself is a risk, how many admins are we talking about?
Title: Re: Suspicious error email
Post by: vbgamer45 on September 25, 2018, 09:26:49 AM
A request that is sent to subscriptions.php sometimes could be caused by an automated bot.
Title: Re: Suspicious error email
Post by: Jeff B on September 25, 2018, 09:29:22 AM
Quote from: Looking on September 25, 2018, 09:19:44 AM
You have more than 1 forum admin? That in itself is a risk, how many admins are we talking about?

That is NOT an issue. My admins have been with me for 18 years. We started our forum with YaBB in 2000, and have progressed through the software variations to where we are now. They are no more of a risk than I am.  8 is the answer however.
Title: Re: Suspicious error email
Post by: Sir Osis of Liver on September 25, 2018, 06:28:06 PM
That error comes from subscriptions.php here -



// Get the subscription and member ID amongst others...
@list ($subscription_id, $member_id) = $gatewayClass->precheck();

// Integer these just in case.
$subscription_id = (int) $subscription_id;
$member_id = (int) $member_id;

// This would be bad...
if (empty($member_id))
	generateSubscriptionError($txt['paid_empty_member']);



I suppose it's possible someone tried to hack a subscription, but wouldn't know how to get subscriptions.php to throw that error by direct request.  Subscription will not activate without verification from PayPal, so any attempt to hack a sub would fail.

Title: Re: Suspicious error email
Post by: Jeff B on September 01, 2020, 10:20:47 AM
We just had this happen again this morning, almost 2 years later.
Title: Re: Suspicious error email
Post by: Sir Osis of Liver on September 01, 2020, 04:34:39 PM
Wouldn't worry about it if it's only happened twice.  subscriptions.php will respond to inputs even if paid subs is disabled (try this - https://www.simplemachines.org/community/subscriptions.php).  Best guess is bots threw some crap at it to see what it does.  Won't get them anywhere.
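
To see which clients requested subscriptions.php around the time an error email went out, the web server access log can be filtered for that script and grouped by client IP. The following is an added example, not part of the original posts or of SMF; it assumes the Apache/nginx "combined" log format, and the log lines, IP addresses and email time are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def subscription_hits(lines, email_time, window_minutes=10):
    """Group requests to subscriptions.php near email_time by client IP.

    Returns {ip: [(timestamp, method, path, status, user_agent), ...]}.
    """
    window = timedelta(minutes=window_minutes)
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Compare the script name only, ignoring directory and query string.
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script.lower() != "subscriptions.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - email_time) <= window:
            hits[m["ip"]].append(
                (ts, m["method"], m["path"], int(m["status"]), m["ua"]))
    return dict(hits)

# Constructed sample data (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2020:10:19:58 +0000] "POST /forum/subscriptions.php HTTP/1.1" 200 512 "-" "python-requests/2.24.0"',
    '203.0.113.7 - - [01/Sep/2020:10:20:01 +0000] "GET /forum/subscriptions.php?x=1 HTTP/1.1" 200 512 "-" "python-requests/2.24.0"',
    '198.51.100.20 - - [01/Sep/2020:10:20:05 +0000] "GET /forum/index.php?topic=1.0 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [31/Aug/2020:02:11:40 +0000] "POST /forum/subscriptions.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
]
EMAIL_TIME = datetime(2020, 9, 1, 10, 20, 0, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for ip, reqs in subscription_hits(SAMPLE_LOG, EMAIL_TIME).items():
        print(ip, len(reqs), "request(s)")
        for ts, method, path, status, ua in reqs:
            print("   ", ts.isoformat(), method, path, status, ua)
```

Set `email_time` to the timestamp in the error email's headers, in the same timezone offset the server writes to its log.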
Title: Re: Suspicious error email
Post by: Jeff B on September 01, 2020, 05:01:36 PM
Thank you. :)