Topic: Many errors in logs in Security.php and Subs.php file from guests

[Adrek]

Hi, yesterday I noticed that guests are making many errors in my logs (in SMF).

All errors are in two files: Subs.php and Security.php. Errors are created by guests and (what's for me interesting) this entries have no IP.
Here are example errors from Security.php:
Line 833:

Code: [Select]

if (!is_array($permission) && in_array($permission, $user_info['permissions']))Errors:

Code: [Select]

2: in_array() expects parameter 2 to be array, null given

Code: [Select]

8: Undefined index: permissions
Line 836:

Code: [Select]

elseif (is_array($permission) && count(array_intersect($permission, $user_info['permissions'])) != 0)Errors:

Code: [Select]

2: array_intersect(): Argument #2 is not an array
Errors are repeating for 11 pages and all have the same time.

Errors from Subs.php:
Line 4068:

Code: [Select]

if (($menu_buttons = cache_get_data('menu_buttons-' . implode('_', $user_info['groups']) . '-' . $user_info['language'] . '-' . empty($context['disable_sp']), $cacheTime)) === null || time() - $cacheTime <= $modSettings['settings_updated'])Errors:

Code: [Select]

8: Undefined index: language

Code: [Select]

2: implode(): Invalid arguments passed

Code: [Select]

8: Undefined index: groups

Code: [Select]

8: Undefined index: total_time_logged_in
Errors from both files have the same URL logged:

Code: [Select]

http://***.info/forum/index.php?action=portal;sa=shoutbox;shoutbox_id=1;time=1392993296;xml
Some time ago I had another issue with errors made by guests => http://www.simplemachines.org/community/index.php?topic=502568.0

SMF version: 2.0.7
Installed modifications:
Arantor CAPTCHA   1.0.8
Top 10 Posters and Topic Starters Stats (Today, Week, Month, and Year)   2.6
Nickname to Reply   0.7.1.1
Best Answer Intergration   1.4
ResizeImagesToFitScreen   0.1.6
DevCenter   0.4
Join date and Location in Posts   1.3.1
Location on memberlist SMF2   1.5
Custom Fields On Memberlist   1.1
Topic Author   0.1
Recent Topics On Board Index   1.03
Optimus Brave   1.8.7
Similar Topics   0.6
Tapatalk SMF 2.0 RC5/Final Plugin   3.9.0
SA GPlus   0.3 REV 9
SA Facebook   2.0.2
Avatar On Board RC2   2.1
Ban Filter   1.0
Gravatar 4 SMF   1.0
Member Color Link   3.1
Switch Permissions   1.0
Aeva Media   1.4w
Misc Anti Spam   1.0
Add Facebook Like, Tweet, and Google +1   1.0.3a
httpBL   2.5.1

Subs.php and Security.php files in attachment.

How this can be solved? Or how at least figure out IP so I can add it in ban list?

[Kays]

Hi, do you still have Simple Portal installed?

It looks like someone is trying to access the shoutbox before the permissions are set. In fact maybe even before $user_info is properly populated. Which is strange but also possibly the cause of the  other errors and no ip addy.

Which were the last mods you added and how long ago?

[Adrek]

I have SP installed for over a year now.
Latest installed packages was Arantor CAPTCHA, Top 10 Posters and Topic Starters Stats and SMF 2.0.7 update - all 3-4 weeks ago.

Additionally I have in index.template.php added:

Code: [Select]

if (!$context['user']['is_logged'] && isset($_GET['sa']) && $_GET['sa'] == 'shoutbox') die();
Because earlier we had other issues with guests.

[Adrek]

Again something caused errors in Security.php :|

8 pages filled up with this errors, all from yesterday 11:26.


any ideas how to solve it? How to log at least IP so it can be banned?

[Arantor]

Mods installed?

[Adrek]

The same as in first post, only change is SMF version - 2.0.8

Also server error logs did not log anything on this time.

[Arantor]

Something is doing a permissions request before you actually have permissions loaded. This doesn't happen in a stock install. Additionally, one of your mods is doing it during the avatar load procedure which is a really bad idea.

As countermeasure, I suggest changing this a few lines above line 833:

Code: [Select]

if (empty($user_info))
return false;
to this:

Code: [Select]

if (empty($user_info) || empty($user_info['permissions']))
return false;
Quite why something is loading so early, I don't know. But this will stop it throwing errors at least.

[Adrek]

Thanks, but with this edit I don't have all menu buttons and I can't access action=admin

[Arantor]

What the hell has mangled your site?


Revert back and then replace this:

Code: [Select]

// You're never allowed to do something if your data hasn't been loaded yet!
if (empty($user_info))
return false;

// Administrators are supermen :P.
if ($user_info['is_admin'])
return true;
with:

Code: [Select]

// You're never allowed to do something if your data hasn't been loaded yet!
if (empty($user_info))
return false;

// Administrators are supermen :P.
if ($user_info['is_admin'])
return true;

// For some reason, some mods are broken and requesting permissions before permissions have even been loaded. To deal with that idiocy... we have to check them again.
if (empty($user_info['permissions']))
return false;

[Adrek]

This works fine, we'll see if it helps in few days.
Thanks.

What the hell has mangled your site?

If I only knew... :|

I wonder if this could be somehow caused by Wordpress installed on main domain, where are blocks with latest posts from SMF forum?
I'm waiting for password to WP, because other admin changed it and forgot to notify me.. so for now i have no idea how posts are added, with SSI or some WP plugin.

[Arantor]

I don't see how. Something is doing an SMF permissions call before the full process is carried out, and that's not what WP does normally (and it wouldn't be the case if SSI were involved anyway). Tapatalk certainly used to do that at one point but I thought they'd fixed that nonsense by now.

[Adrek]

So WP blocks are added with https://wordpress.org/plugins/bns-smf-feeds/
For now I'll leave it as it is, and see if your fix helps with issue.

[Arantor]

That plugin looks like it would not interfere.