Undefined array key: REDIRECT_QUERY_STRING

Started by MobileCS, March 22, 2025, 11:22:38 PM


MobileCS

Out of nowhere, my forum is getting slammed with these warnings.

I've not done any updates or changed any code in months.

PHP Warning:  Undefined array key "REDIRECT_QUERY_STRING" in /forum/Sources/QueryString.php on line 80

QueryString.php - Line 80:

// Was this redirected? If so, get the REDIRECT_QUERY_STRING.
// Do not urldecode() the querystring.
$_SERVER['QUERY_STRING'] = substr($_SERVER['QUERY_STRING'], 0, 5) === 'url=/' ? $_SERVER['REDIRECT_QUERY_STRING'] : $_SERVER['QUERY_STRING'];

MobileCS

Had about 20 more of these show up yesterday.

These are the URLs that are triggering the warnings:

154.83.103.11 - [03/Apr/2025:11:08:45 -0700] GET /?url=/etc/environment HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:45 -0700] GET /?url=/var/www/html/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:45 -0700] GET /?url=/var/www/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:45 -0700] GET /?url=/www/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:46 -0700] GET /?url=/app/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:46 -0700] GET /?url=/config/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:46 -0700] GET /?url=/home/user/.env HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:46 -0700] GET /?url=/var/www/html/config.json HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/config.json HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/html/config.yaml HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/html/config.yml HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/html/config.php HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/html/settings.json HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:47 -0700] GET /?url=/var/www/html/settings.php HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:48 -0700] GET /?url=/var/www/html/config.js HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:48 -0700] GET /?url=/var/www/html/settings.py HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:54 -0700] GET /?url=/config/database.yml HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:54 -0700] GET /?url=/var/www/html/wp-config.php HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:54 -0700] GET /?url=/var/www/html/config.php HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
154.83.103.11 - [03/Apr/2025:11:08:54 -0700] GET /?url=/var/www/html/.htaccess HTTP/1.1 "200" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

I do include /forum/SSI.php on my main website so I can display how many users are online, show latest posts, etc.

Aleksi "Lex" Kilpinen

I'm not completely sure, but that looks to me like someone trying to cheat SMF to fetch files on the server in bulk, but failing at it. Could be an idea to just ban the IP on the server level if they continue hammering.

Slava Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
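
Added example, not part of the original thread and not SMF code: a small log triage script that applies the same `url=/` prefix test as QueryString.php line 80 to access-log lines in the layout quoted above and tallies the probed paths per client IP, to support a server-level ban decision. The function names, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the same layout as the access-log lines quoted above;
# the client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
203.0.113.7 - [03/Apr/2025:11:08:45 -0700] GET /?url=/etc/environment HTTP/1.1 "200" "-" "Mozilla/5.0"
203.0.113.7 - [03/Apr/2025:11:08:45 -0700] GET /?url=/var/www/html/.env HTTP/1.1 "200" "-" "Mozilla/5.0"
203.0.113.7 - [03/Apr/2025:11:08:46 -0700] GET /?url=/var/www/html/wp-config.php HTTP/1.1 "200" "-" "Mozilla/5.0"
198.51.100.20 - [03/Apr/2025:11:09:02 -0700] GET /index.php?topic=12.0 HTTP/1.1 "200" "-" "Mozilla/5.0"
198.51.100.20 - [03/Apr/2025:11:09:10 -0700] GET /?url=/help HTTP/1.1 "200" "-" "Mozilla/5.0"
this line is not a log entry
"""

# ip - [timestamp] METHOD target HTTP/x.y "status" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - \[(?P<ts>[^\]]+)\] (?P<method>[A-Z]+) (?P<target>\S+) '
    r'HTTP/[\d.]+ "(?P<status>\d{3})"'
)

def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def triggers_line_80(target):
    """Same test as line 80: first five characters of the raw (undecoded) query."""
    return urlsplit(target).query[:5] == "url=/"

def probes_by_ip(log_text):
    """Map client IP -> list of paths requested through the url= parameter."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and triggers_line_80(rec["target"]):
            hits[rec["ip"]].append(urlsplit(rec["target"]).query[4:])
    return dict(hits)

def ban_candidates(log_text, threshold=3):
    """IPs with at least `threshold` matching requests (threshold is an assumption)."""
    return sorted(ip for ip, paths in probes_by_ip(log_text).items()
                  if len(paths) >= threshold)

if __name__ == "__main__":
    for ip, paths in probes_by_ip(SAMPLE_LOG).items():
        print(ip, len(paths), paths)
    print("ban candidates:", ban_candidates(SAMPLE_LOG))
```

Because the query string is compared undecoded, a percent-encoded `url=%2F...` does not match here, just as it would not satisfy the `substr()` comparison in the quoted line.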
