Advertisement:

Author Topic: Many errors in logs in Security.php and Subs.php file from guests  (Read 6135 times)

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Hi, yesterday I noticed that guests are making many errors in my logs (in SMF).

All errors are in two files: Subs.php and Security.php. Errors are created by guests and (what's for me interesting) this entries have no IP.
Here are example errors from Security.php:
Line 833:
Code: [Select]
if (!is_array($permission) && in_array($permission, $user_info['permissions']))Errors:
Code: [Select]
2: in_array() expects parameter 2 to be array, null given
Code: [Select]
8: Undefined index: permissions
Line 836:
Code: [Select]
elseif (is_array($permission) && count(array_intersect($permission, $user_info['permissions'])) != 0)Errors:
Code: [Select]
2: array_intersect(): Argument #2 is not an array
Errors are repeating for 11 pages and all have the same time.

Errors from Subs.php:
Line 4068:
Code: [Select]
if (($menu_buttons = cache_get_data('menu_buttons-' . implode('_', $user_info['groups']) . '-' . $user_info['language'] . '-' . empty($context['disable_sp']), $cacheTime)) === null || time() - $cacheTime <= $modSettings['settings_updated'])Errors:
Code: [Select]
8: Undefined index: language
Code: [Select]
2: implode(): Invalid arguments passed
Code: [Select]
8: Undefined index: groups
Code: [Select]
8: Undefined index: total_time_logged_in
Errors from both files have the same URL logged:
Code: [Select]
http://***.info/forum/index.php?action=portal;sa=shoutbox;shoutbox_id=1;time=1392993296;xml
Some time ago I had another issue with errors made by guests => http://www.simplemachines.org/community/index.php?topic=502568.0

SMF version: 2.0.7
Installed modifications:
Arantor CAPTCHA   1.0.8
Top 10 Posters and Topic Starters Stats (Today, Week, Month, and Year)   2.6
Nickname to Reply   0.7.1.1
Best Answer Intergration   1.4
ResizeImagesToFitScreen   0.1.6
DevCenter   0.4
Join date and Location in Posts   1.3.1
Location on memberlist SMF2   1.5
Custom Fields On Memberlist   1.1
Topic Author   0.1
Recent Topics On Board Index   1.03
Optimus Brave   1.8.7
Similar Topics   0.6
Tapatalk SMF 2.0 RC5/Final Plugin   3.9.0
SA GPlus   0.3 REV 9
SA Facebook   2.0.2
Avatar On Board RC2   2.1
Ban Filter   1.0
Gravatar 4 SMF   1.0
Member Color Link   3.1
Switch Permissions   1.0
Aeva Media   1.4w
Misc Anti Spam   1.0
Add Facebook Like, Tweet, and Google +1   1.0.3a
httpBL   2.5.1

Subs.php and Security.php files in attachment.

How this can be solved? Or how at least figure out IP so I can add it in ban list?
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Kays

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,973
  • Gender: Male
    • Kayssplace
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #1 on: February 23, 2014, 09:57:22 AM »
Hi, do you still have Simple Portal installed?

It looks like someone is trying to access the shoutbox before the permissions are set. In fact maybe even before $user_info is properly populated. Which is strange but also possibly the cause of the  other errors and no ip addy.

Which were the last mods you added and how long ago?

If at first you don't succeed, use a bigger hammer. If that fails, read the manual.
My Mods

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #2 on: February 23, 2014, 03:31:07 PM »
I have SP installed for over a year now.
Latest installed packages was Arantor CAPTCHA, Top 10 Posters and Topic Starters Stats and SMF 2.0.7 update - all 3-4 weeks ago.

Additionally I have in index.template.php added:
Code: [Select]
if (!$context['user']['is_logged'] && isset($_GET['sa']) && $_GET['sa'] == 'shoutbox') die();
Because earlier we had other issues with guests.
Polskie wsparcie SMF na simplemachines.org

My mods

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #3 on: August 29, 2014, 01:34:23 PM »
Again something caused errors in Security.php :|

8 pages filled up with this errors, all from yesterday 11:26.


any ideas how to solve it? How to log at least IP so it can be banned?
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,378
    • StoryBB/StoryBB on GitHub
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #4 on: August 29, 2014, 01:38:06 PM »
Mods installed?
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #5 on: August 29, 2014, 01:39:31 PM »
The same as in first post, only change is SMF version - 2.0.8

Also server error logs did not log anything on this time.
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,378
    • StoryBB/StoryBB on GitHub
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #6 on: August 29, 2014, 01:46:57 PM »
Something is doing a permissions request before you actually have permissions loaded. This doesn't happen in a stock install. Additionally, one of your mods is doing it during the avatar load procedure which is a really bad idea.

As countermeasure, I suggest changing this a few lines above line 833:
Code: [Select]
if (empty($user_info))
return false;

to this:
Code: [Select]
if (empty($user_info) || empty($user_info['permissions']))
return false;

Quite why something is loading so early, I don't know. But this will stop it throwing errors at least.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #7 on: August 29, 2014, 01:51:20 PM »
Thanks, but with this edit I don't have all menu buttons and I can't access action=admin
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,378
    • StoryBB/StoryBB on GitHub
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #8 on: August 29, 2014, 01:55:43 PM »
What the hell has mangled your site?


Revert back and then replace this:
Code: [Select]
// You're never allowed to do something if your data hasn't been loaded yet!
if (empty($user_info))
return false;

// Administrators are supermen :P.
if ($user_info['is_admin'])
return true;

with:
Code: [Select]
// You're never allowed to do something if your data hasn't been loaded yet!
if (empty($user_info))
return false;

// Administrators are supermen :P.
if ($user_info['is_admin'])
return true;

// For some reason, some mods are broken and requesting permissions before permissions have even been loaded. To deal with that idiocy... we have to check them again.
if (empty($user_info['permissions']))
return false;
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #9 on: August 29, 2014, 02:05:56 PM »
This works fine, we'll see if it helps in few days.
Thanks.

What the hell has mangled your site?
If I only knew... :|

I wonder if this could be somehow caused by Wordpress installed on main domain, where are blocks with latest posts from SMF forum?
I'm waiting for password to WP, because other admin changed it and forgot to notify me.. so for now i have no idea how posts are added, with SSI or some WP plugin.
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,378
    • StoryBB/StoryBB on GitHub
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #10 on: August 29, 2014, 02:10:36 PM »
I don't see how. Something is doing an SMF permissions call before the full process is carried out, and that's not what WP does normally (and it wouldn't be the case if SSI were involved anyway). Tapatalk certainly used to do that at one point but I thought they'd fixed that nonsense by now.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline phantomm

  • Sophist Member
  • *****
  • Posts: 1,064
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #11 on: August 29, 2014, 02:22:46 PM »
So WP blocks are added with https://wordpress.org/plugins/bns-smf-feeds/
For now I'll leave it as it is, and see if your fix helps with issue.
Polskie wsparcie SMF na simplemachines.org

My mods

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,378
    • StoryBB/StoryBB on GitHub
Re: Many errors in logs in Security.php and Subs.php file from guests
« Reply #12 on: August 29, 2014, 02:28:31 PM »
That plugin looks like it would not interfere.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.