Is this a hacking attempt?

Started by Black Tiger, December 16, 2014, 12:21:19 PM


Black Tiger

I'm just wondering if this is an attempt to hack something:
These were the errors in the forum's logs:
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: server in /home/user/public_html/forum/Sources/Subs-Post.php on line 627
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: character_set in /home/user/public_html/forum/Sources/Subs-Post.php on line 1219
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: character_set in /home/user/public_html/forum/Sources/Subs-Post.php on line 1219
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: character_set in /home/user/public_html/forum/Sources/Subs-Post.php on line 1219
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: utf8 in /home/user/public_html/forum/Sources/Subs-Post.php on line 1262
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: utf8 in /home/user/public_html/forum/Sources/Subs-Post.php on line 1264
[16-Dec-2014 01:10:13 Europe/Amsterdam] PHP Notice:  Undefined index: character_set in /home/user/public_html/forum/Sources/Subs-Post.php on line 1219


This range of error lines appears 4 times with the same timestamp.

So I had a look in the logfiles, and found only 2 lines with this timestamp:
41.140.125.234 - - [16/Dec/2014:01:10:13 +0100] "GET /forum/index.php?topic=14057.msg79542 HTTP/1.1" 200 10603 "http://www.myforums.org/forum/index.php?topic=14057.0" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
41.140.125.234 - - [16/Dec/2014:01:10:13 +0100] "GET /forum/index.php?scheduled=task;ts=1418688000 HTTP/1.1" 200 43 "http://www.myforums.org/forum/index.php?topic=14057.msg79542" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"


Next to the fact that I find it strange that 2 visit lines can cause 24 lines of errors, I'm especially wondering about the "scheduled=task" line which is called in the second line of the log.
AFAIK a user should not have to do anything with scheduled tasks.

So I have 3 questions.
1.) Is the creation of so many error lines normal for only 2 GET lines?
2.) Is it safe to ignore this kind of error line in the forum error log?
3.) Could this be a hacking attempt (if yes I will ban the ip).
Greetings, Black Tiger

margarett

I've seen that popping up more than once and I think that was fixed in 2.0.something (recently). Are you on 2.0.9?
If you're going to drive, don't drink. If you're going to drink... CALL ME!!!! :D

Quote: Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Illori

Quote from: margarett on December 16, 2014, 12:37:34 PM
I've seen that popping up more than once and I think that was fixed in 2.0.something (recently). Are you on 2.0.9?

the first error is related to the birthday email and i don't believe has been solved as the issue has not been tracked down.

Black Tiger

Yep I'm on 2.09 Margarett, that's correct.

I don't know if it's a birthday thing, I should have the issue on the second forum too, no problem there. And I just checked, according to my scheduled tasks, birthday emails are sent at 01:00.
Edit: and why would a user use a GET to a scheduled task?
Greetings, Black Tiger

margarett

Quote from: Illori on December 16, 2014, 12:57:17 PM
the first error is related to the birthday email and i don't believe has been solved as the issue has not been tracked down.
I would never compete with your memory ;D

Quote: I'm especially wondering about the "scheduled=task"
Scheduled tasks are run by whoever is loading a page in a given moment ;) So you don't need to worry. Yet if what Illori says is true (and we must assume so - never question her memory ;D ) we need to pick this issue again...

Do these errors show up in your SMF log? They should...

Black Tiger

Okay, I will trust Illori's memory too, no problem there. ;)

The first block of errors is showing up on my SMF log indeed.
But I administer 2 forums. The one with this error is converted from VB 3.8.x to SMF 2.06 UTF-8 and upgraded a short while ago to 2.0.9.

The second one is converted from VB 3.8 to SMF 2.0.9 directly (not UTF-8). This forum does also send birthday emails, but I've not seen those lines in forum log yet, in spite of the fact that also there were birthdays this week.

So maybe I'm having something old on my forum? A version check says it's okay, however, that's after I replaced a language file which was 2.0.6 or 2.0.4 this week.
Greetings, Black Tiger

Kindred

ummm... that first block of errors is not the format used to display errors in the smf error log
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Illori

Quote from: Kindred on December 16, 2014, 02:49:28 PM
ummm... that first block of errors is not the format used to display errors in the smf error log

but the php error log would be in that format.

Black Tiger

Sorry, I can't help you there, it's exactly what's present in /home/myname/public_html/forum/error_log so that's really the SMF error log.
But I've got "Disable evaluation of templates" selected. Could that make any difference?
Greetings, Black Tiger

Kindred

no.... that is not the smf error log.  that is the php error_log file...   the smf error log is index.php?action=admin;area=logs;sa=errorlog;desc

Black Tiger

Oh I thought SMF was creating files in there since it's in the /forum directory. Must be something cPanel is doing, we don't have that on our DirectAdmin servers.

In that case... I will rephrase the question. Since it's all SMF errors in that php log, is there a way to fix those errors?
Greetings, Black Tiger

Illori

Quote from: Illori on December 16, 2014, 12:57:17 PM
the first error is related to the birthday email and i don't believe has been solved as the issue has not been tracked down.

that is still your answer.

Black Tiger

Okay, then I can safely ignore it. Thank you.
Greetings, Black Tiger
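
The thread's explanation is that a "scheduled=task" request is made by whoever happens to be loading a page. As an added example (not part of the original thread and not SMF code), this triage script checks that for each such hit: was the Referer a forum page the same client fetched just before? The sample log lines, the addresses, the host name and the 30-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample in combined log format, shaped like the two lines in the thread
# plus one hit that has no preceding page view (documentation IPs, example host).
ACCESS_LOG = '''\
198.51.100.7 - - [16/Dec/2014:01:10:13 +0100] "GET /forum/index.php?topic=14057.msg79542 HTTP/1.1" 200 10603 "http://forum.example.org/forum/index.php?topic=14057.0" "Mozilla/5.0"
198.51.100.7 - - [16/Dec/2014:01:10:13 +0100] "GET /forum/index.php?scheduled=task;ts=1418688000 HTTP/1.1" 200 43 "http://forum.example.org/forum/index.php?topic=14057.msg79542" "Mozilla/5.0"
203.0.113.9 - - [16/Dec/2014:02:00:00 +0100] "GET /forum/index.php?scheduled=task;ts=1418688000 HTTP/1.1" 200 43 "-" "curl/7.0"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def parse(log):
    """Return one dict per parsable access-log line."""
    rows = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, path, referer = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            rows.append({"ip": ip, "time": when, "path": path, "referer": referer})
    return rows

def classify_scheduled(rows, window=timedelta(seconds=30)):
    """Label each scheduled=task hit 'page-load' or 'direct'.

    'page-load': the same IP requested the Referer's path within `window` before the hit.
    'direct': no such page view was logged; worth a closer look, not proof of an attack
    (the Referer header is client-supplied and may be stripped or absent).
    """
    results = []
    for r in rows:
        if "scheduled=task" not in r["path"]:
            continue
        ref = urlsplit(r["referer"])
        ref_target = ref.path + ("?" + ref.query if ref.query else "")
        triggered = any(
            p["ip"] == r["ip"] and p["path"] == ref_target
            and timedelta(0) <= r["time"] - p["time"] <= window
            for p in rows if p is not r)
        results.append((r["ip"], "page-load" if triggered else "direct"))
    return results

if __name__ == "__main__":
    for ip, verdict in classify_scheduled(parse(ACCESS_LOG)):
        print(ip, verdict)
```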
