Hack attempt?

Started by TurtleKicker, November 07, 2021, 01:49:25 PM


TurtleKicker

2.1 RC4

Every now and then, I see a bunch of errors in the log from a guest account. Here's an example:

All come from https://www.*******.com/index.php?action=signup;sslRedirect
 /*****/Sources/Subs.php

...so I won't keep repeating that. The line #s change though:

(Line 3305)
8: Undefined index:

(Line 4726)
8: Undefined index: can_mod

(Line 4745)
8: Undefined index: is_guest

(Line 4750)
8: Undefined index: id

(Line 4759)
8: Undefined index: id

(Line 4889)
8: Undefined index: can_register

(Line 4894)
8: Undefined index: can_register

(Line 3906)
8: Undefined index: template_layers

(Line 3906)
2: Invalid argument supplied for foreach()

Signups aren't broken... I've tried signing up a dummy account and successfully worked through the process without errors. I'm not clear what's triggering these but I'm wondering if they're indicative of a hacking attempt (in which case, I hope some of the many anti-hacking/spam mods get updated for 2.1RC4)


Doug Heffernan

Quote from: TurtleKicker on November 07, 2021, 01:49:25 PM
2.1 RC4

Every now and then, I see a bunch of errors in the log from a guest account. Here's an example:

All come from https://www.*******.com/index.php?action=signup;sslRedirect
 /*****/Sources/Subs.php

...so I won't keep repeating that. The line #s change though:

(Line 3305)
8: Undefined index:

(Line 4726)
8: Undefined index: can_mod

(Line 4745)
8: Undefined index: is_guest

(Line 4750)
8: Undefined index: id

(Line 4759)
8: Undefined index: id

(Line 4889)
8: Undefined index: can_register

(Line 4894)
8: Undefined index: can_register

(Line 3906)
8: Undefined index: template_layers

(Line 3906)
2: Invalid argument supplied for foreach()

Signups aren't broken... I've tried signing up a dummy account and successfully worked through the process without errors. I'm not clear what's triggering these but I'm wondering if they're indicative of a hacking attempt (in which case, I hope some of the many anti-hacking/spam mods get updated for 2.1RC4)



It is not a hacking attempt. Those errors are likely caused by third party mods. What mods do you have installed?

TurtleKicker

Quote from: Doug Heffernan on November 07, 2021, 01:52:12 PM
It is not a hacking attempt. Those errors are likely caused by third party mods. What mods do you have installed?

Well bugger. I have a bunch of mods... if it was re-creatable, it'd be easy to disable them one by one and test.

Merge Double Posts
Inter Font for SMF
Battle
FA Board Icons
Topic Rating Bar
Simple Referrals
TinyPortal
FancyBox 4 SMF
Similar Topics
Curve2 Color Changer
Forum Width Setting
Email Obfuscator
SMF Trader System
ST Shop
Simple Audio Video Embedder
SMF Arcade
Quick Spoiler

Diego Andrés

Do all of the errors come from the same file and link?
Could be something related to the registration page, or a mod changing it

SMF Tricks - Free & Premium Responsive Themes for SMF.

Doug Heffernan

Quote from: TurtleKicker on November 07, 2021, 05:08:08 PM
Quote from: Doug Heffernan on November 07, 2021, 01:52:12 PM
It is not a hacking attempt. Those errors are likely caused by third party mods. What mods do you have installed?

Well bugger. I have a bunch of mods... if it was re-creatable, it'd be easy to disable them one by one and test.

Merge Double Posts
Inter Font for SMF
Battle
FA Board Icons
Topic Rating Bar
Simple Referrals
TinyPortal
FancyBox 4 SMF
Similar Topics
Curve2 Color Changer
Forum Width Setting
Email Obfuscator
SMF Trader System
ST Shop
Simple Audio Video Embedder
SMF Arcade
Quick Spoiler

Can you post the contents of your .htaccess file as well btw?

SpacePhoenix

Are all mods in use the current version of those mods?

TurtleKicker

Quote from: SpacePhoenix on November 08, 2021, 07:08:09 AM
Are all mods in use the current version of them mods?

Yes.

Quote from: Doug Heffernan on November 08, 2021, 04:38:14 AM
Can you post the contents of your .htaccess file as well btw?

Sure. Here's the root one in public_html/ (asterisks to remove sensitive info):

RewriteOptions inherit

RewriteEngine on
Options -Indexes
# Use PHP5 as default
# AddType application/x-httpd-php5 .php .php5
AddType application/x-httpd-php4 .php4

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 83.205.136.203
deny from 212.187.250.200
deny from 124.210.32.201
deny from 220.237.4.222
deny from 78.157.142.11
deny from 211.43.220.89
deny from 121.190.223.3
deny from 203.255.39.100
deny from 216.237.212.53
deny from 69.154.229.88
deny from 155.245.69.8
deny from 218.38.34.115
deny from 71.163.174.142
deny from 24.36.12.173
deny from 201.251.61.81
deny from 95.111.7.188
deny from 91.208.211.151
deny from 77.232.66.11
deny from 69.198.107.19
deny from 201.76.73.10
deny from 124.122.24.88
deny from 66.197.166.88
deny from 202.70.54.154
deny from 200.82.102.64
deny from 221.206.36.162
deny from 79.117.71.78
deny from 122.53.68.3
deny from 110.234.205.43
deny from 122.173.23.160
deny from 137.56.163.46
deny from 112.201.232.107
deny from 182.177.191.196
deny from 116.58.0.0/17
deny from 119.152.0.0/13
deny from 121.97.77.0/24
deny from 121.96.0.0/18
deny from 173.234.0.0/16
deny from 173.208.24.0/21
deny from 202.78.64.0/18
deny from 182.178.202.165
deny from 108.62.94.235
deny from 182.178.179.204
deny from 182.178.226.169
deny from 182.178.129.69
deny from 182.178.167.13
deny from 182.178.236.134
deny from 182.178.241.75
deny from 122.179.134.188
##AddHandler application/x-httpd-php53 php
RewriteCond %{HTTP_HOST} ^*****\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.*****\.net$
RewriteRule ^do$ "https\:\/\/m\.do\.co\/c\/******" [R=302,L]
RewriteCond %{HTTP_HOST} ^****\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.*****\.net$
RewriteRule ^*******$ "https\:\/\/youtu\.be\/nUI\****" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^***$ "https\:\/\/photos\.app\.goo\.gl\/*****" [R=301,L]
deny from 51.222.253.0/24
deny from 54.36.148.0/24
deny from 54.36.149.0/24
deny from 198.251.73.0/24
deny from 114.119.147.0/24

Then the one in the root of my SMF forum:
RewriteOptions inherit

RewriteEngine on
RewriteCond %{HTTP_HOST} ^**********\.com$
RewriteRule ^/?$ "http\:\/\/www\.*********\.com\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^***********\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.*********\.com$
RewriteRule ^faq$ "https\:\/\/www\.**********\.com\/index\.php\?page\=FAQ" [R=302,L]
RewriteCond %{HTTP_HOST} ^************\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.**********\.com$
RewriteRule ^arcade\/?$ "https\:\/\/www\.********\.com\/index\.php\?action\=arcade\;sa\=list\;sortby\=age\;dir\=desc" [R=301,L]
RewriteCond %{HTTP_HOST} ^**********\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.**********\.com$
RewriteRule ^reviews$ "https\:\/\/www\.*********\.com\/index\.php\?cat\=7" [R=301,L]
RewriteCond %{HTTP_HOST} ^*************\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.*************\.com$
RewriteRule ^discord$ "https\:\/\/discord\.gg\/*******" [R=301,L]
RewriteCond %{HTTP_HOST} ^************\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.**********\.com$
RewriteRule ^patreon$ "http\:\/\/patreon\.com\/**********" [R=301,L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 51.222.253.0/24
deny from 54.36.148.0/24
deny from 54.36.149.0/24
deny from 198.251.73.0/24
deny from 114.119.147.0/24

Kindred

OMG....   your htaccess has you using  php 4!!!
no wonder it's choking

AddType application/x-httpd-php4 .php4

put a # in front of that line!!!
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

TurtleKicker

Quote from: Kindred on November 08, 2021, 09:29:27 AM
OMG....  your htaccess has you using  php 4!!!
no wonder it's choking

AddType application/x-httpd-php4 .php4

put a # in front of that line!!!

Ugh! Old cruft. Thanks for catching that. Although if you ask my various software what PHP is being used, they say 7.4 (as set via cpanel). But I'll comment out that line for good measure and see if any more errors come back.

I had another round recently, same errors from "guest" in another batch of 9.

Kindred

as noted those errors have nothing to do with hacking, specifically....   they are missing indexes for variables.

since simple referrer is the only mod in your list which affects registration, I'd say that's a likely candidate.

Basically, your system, at some point during the registration process, is trying to call on variables which are not defined at that time.   Looks like a function call got added in the wrong location -- or someone who wrote a mod didn't define $context or something critical like that


In your htaccess, you have a whole bunch of repeating commands/conditions/results -- what I DON'T see, is a redirect to force https -- which is why you're seeing the sslredirect tacked on to the end of the url.

Doug Heffernan

Indeed. Try to add this code to your htaccess file which should fix the https redirect issue.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
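
An added example, not part of any post in this thread and not SMF code: a small Python check of an .htaccess file for the points raised above (a PHP handler mapping to review, repeated deny rules, redirect targets on plain http://, and no rule forcing HTTPS). The sample input is constructed from directives quoted in the thread with placeholder hosts, and the finding codes are names chosen here.

```python
import re

# Constructed sample modelled on directives quoted in the thread; hosts are placeholders.
SAMPLE = r"""RewriteEngine on
AddType application/x-httpd-php4 .php4
deny from 51.222.253.0/24
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^patreon$ "http\:\/\/patreon\.com\/example" [R=301,L]
deny from 51.222.253.0/24
"""

# The redirect suggested in the thread, used to show the file-level finding clearing.
FORCE_HTTPS = """RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
"""

def audit_htaccess(text):
    """Return (line_no, code, detail) findings; line 0 means file-level."""
    findings, seen_deny = [], {}
    https_cond = forces_https = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive
        if re.match(r"(addtype|addhandler)\s+\S*php\d", low):
            findings.append((no, "php-handler", line))
        elif low.startswith("deny from "):
            target = low.split()[2]
            if target in seen_deny:
                findings.append((no, "dup-deny", f"first seen on line {seen_deny[target]}"))
            seen_deny.setdefault(target, no)
        elif low.startswith("rewritecond"):
            # A condition that is true only for requests that did not arrive over TLS
            if re.search(r"%\{https\}\s+(!=?on|=?off)", low):
                https_cond = True
        elif low.startswith("rewriterule"):
            parts = line.split()
            # Undo the quoted, backslash-escaped form used by the thread's rules
            target = parts[2].strip('"').replace("\\", "") if len(parts) > 2 else ""
            if target.lower().startswith("http://"):
                findings.append((no, "http-target", target))
            if https_cond and target.lower().startswith("https://"):
                forces_https = True
            https_cond = False  # conditions apply only to the next rule
    if not forces_https:
        findings.append((0, "no-https-redirect", "no rule sends plain HTTP to HTTPS"))
    return findings

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE):
        print(finding)
```

The `php-handler` finding is only a prompt to compare the line with the PHP version actually configured for the site; it does not by itself mean that version is in use.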

TurtleKicker

Quote from: Doug Heffernan on November 08, 2021, 01:40:19 PM
Indeed. Try to add this code to your htaccess file which should fix the https redirect issue.

Done! Thanks.

I'll see if the error appears again after the changes I've made today. If so, the next thing I'll try doing is removing the Simple Referrer mod. I can run without that for a while.

Doug Heffernan

Quote from: TurtleKicker on November 08, 2021, 04:01:46 PM
Quote from: Doug Heffernan on November 08, 2021, 01:40:19 PM
Indeed. Try to add this code to your htaccess file which should fix the https redirect issue.

Done! Thanks.

I'll see if the error appears again after the changes I've made today. If so, the next thing I'll try doing is removing the Simple Referrer mod. I can run without that for a while.

No problem. Let us know how it will go.

live627

Quote from: Kindred on November 08, 2021, 09:29:27 AM
OMG....   your htaccess has you using  php 4!!!
no wonder it's choking

AddType application/x-httpd-php4 .php4

put a # in front of that line!!!

that rule only applies to .php4 files

SMF will throw parse errors on PHP 4.
