Seeing an error pop up suddenly

Started by bynw, June 08, 2024, 05:38:28 PM


bynw

Hi

I'm getting this error frequently on my forum for the last couple of days.
No changes to any mods or any other upgrades.

I currently have 20 of these errors. I had 64 earlier today (deleted them) and even more over the last few days.

=====
Guest
IP ADDRESS
f9c5c1ab74262591a74e01d6cf364b6e
https://www.rhemuthcastle.com/index.php?action=likes;sa=view;ltype=msg;like=29416;dc5d526f35c=f9c5c1ab74262591a74e01d6cf364b6e

Type of error: User
Error message Select
Unable to verify referring URL. Please go back and try again.

Backtrace Info:

Type of error
User

Error message
Unable to verify referring URL. Please go back and try again.

URL of page causing the error
https://www.rhemuthcastle.com/index.php?action=likes;sa=view;ltype=msg;like=29416;dc5d526f35c=f9c5c1ab74262591a74e01d6cf364b6e

    #0: fatal_lang_error()
    Called from /XXX/XXX/rhemuthcastle.com/Sources/Security.php on line 710
    #1: checkSession()
    Called from /XXX/XXX/rhemuthcastle.com/Sources/Likes.php on line 147
    #2: call()
    Called from /XXX/XXX/rhemuthcastle.com/index.php on line 184


It's always a Guest user causing these errors. Never a member of the forum.



Sir Osis of Liver

When in Emor, do as the Snamors.
                              - D. Lister

Kindred

If it's from a guest, I'd bet it's a bot that is hitting some recorded url...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

bynw

Yeah I see that stray character now. I wonder why they are getting it.

I checked a bunch of the IPs. All from Singapore. Probably bots.

Arantor

Quote from: Sir Osis of Liver on June 08, 2024, 05:51:52 PM
There's a stray character in first url before 'type=msg'.

No, there isn't. ltype = like type. (Since the system is designed to cope with multiple types of likes)

If you don't supply an ltype, it's going to ignore you; if you *do* supply an ltype, it wants to verify that it's attached to a real session.

The issue is not the malformed URL (because it's not malformed), the issue is that somehow an old user's session has found its way into the bots, and is now being logged.

It won't be valid because the session will have changed for that user. Is it always the same URL exactly for each of them? (The last part is the session identifier...)
Holder of controversial views, all of which my own.


Sir Osis of Liver

That's interesting.  So there's no way to stop the errors?
When in Emor, do as the Snamors.
                              - D. Lister

Arantor

Personally I wouldn't have checkSession() ever be dropping that into the log, but there's a set of criteria in Security.php that make it look for what it thinks are CORS failures.

// Check the refer but if we have CORS enabled and it came from a trusted source, we can skip this check.
if (!empty($referrer['host']) && (empty($modSettings['allow_cors']) || empty($context['valid_cors_found']) || !in_array($context['valid_cors_found'], array('same', 'subdomain'))))
{
    if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
        $real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
    else
        $real_host = $_SERVER['HTTP_HOST'];

    $parsed_url = parse_iri($boardurl);

    // Are global cookies on?  If so, let's check them ;).
    if (!empty($modSettings['globalCookies']))
    {
        if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
            $parsed_url['host'] = $parts[1];

        if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
            $referrer['host'] = $parts[1];

        if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
            $real_host = $parts[1];
    }

    // Okay: referrer must either match parsed_url or real_host.
    if (isset($parsed_url['host']) && strtolower($referrer['host']) != strtolower($parsed_url['host']) && strtolower($referrer['host']) != strtolower($real_host))
    {
        $error = 'verify_url_fail';
        $log_error = true;
    }
}

// Well, first of all, if a from_action is specified you'd better have an old_url.
if (!empty($from_action) && (!isset($_SESSION['old_url']) || preg_match('~[?;&]action=' . $from_action . '([;&]|$)~', $_SESSION['old_url']) == 0))
{
    $error = 'verify_url_fail';
    $log_error = true;
}

Me personally, I'd just take both of those $log_error = true statements out because I'm not sure what value it's producing to log these errors. YMMV however.
Holder of controversial views, all of which my own.
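
Arantor's earlier question, whether every logged URL ends in the same session identifier, can be checked from an export of the error log. The following is an added example, not code from the thread or from SMF: it assumes the entries are available as (IP, URL) pairs and that the session value is 32 hex characters as in the URL posted above, and every host, IP and token in it is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample (client IP, logged URL); hosts, IPs and tokens are made up.
BASE = "https://forum.example/index.php?action=likes;sa=view;ltype=msg;like="
SAMPLE_LOG = [
    ("203.0.113.10", BASE + "29416;ab12cd34ef5=0123456789abcdef0123456789abcdef"),
    ("203.0.113.11", BASE + "29416;ab12cd34ef5=0123456789abcdef0123456789abcdef"),
    ("203.0.113.12", BASE + "30001;ab12cd34ef5=0123456789abcdef0123456789abcdef"),
    ("198.51.100.7", BASE + "30002;ff00aa11bb2=fedcba9876543210fedcba9876543210"),
    ("198.51.100.8", BASE + "30003"),  # no session pair at all
]

# Assumption: the session value is 32 hex characters, as in the URL logged above.
SESSION_ID = re.compile(r"[0-9a-f]{32}")


def session_pair(url):
    """Return (session_var, session_id) from an SMF-style URL, or None."""
    # SMF separates query parameters with ';' as well as '&'.
    for part in re.split(r"[;&]", urlsplit(url).query):
        key, _, value = part.partition("=")
        if key and SESSION_ID.fullmatch(value.lower()):
            return key, value.lower()
    return None


def summarize(entries):
    """Group entries by session pair: hit count and distinct client IPs."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set()})
    for ip, url in entries:
        pair = session_pair(url)  # None collects URLs without a session pair
        groups[pair]["hits"] += 1
        groups[pair]["ips"].add(ip)
    return dict(groups)


def replayed_pairs(entries, min_ips=2):
    """Session pairs seen from several IPs, consistent with one recorded URL being replayed."""
    return sorted(pair for pair, g in summarize(entries).items()
                  if pair is not None and len(g["ips"]) >= min_ips)


if __name__ == "__main__":
    for pair, g in summarize(SAMPLE_LOG).items():
        print(pair, g["hits"], sorted(g["ips"]))
    print("replayed:", replayed_pairs(SAMPLE_LOG))
```

A single session pair arriving from many guest IPs matches the "recorded URL" explanation given in the thread; many distinct pairs would point elsewhere.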

