Jump to content

Found these in my Error Log


Claudia M

Recommended Posts

I found these in the cPanel error log.  Any idea what they mean?  What should I do to quit getting them as I got the same ones yesterday too.  Thanks in advance for any and all help.

I replaced my database name with xxx

Claudia

 

10-Apr-2019 01:19:57 UTC] PHP Warning:  Invalid Security Token in /home/xxx/public_html/classes/sanitize.class.php on line 155
[10-Apr-2019 01:21:01 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '91.121.222.157' New IP Address: '91.121.222.157' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[09-Apr-2019 21:32:46 America/Louisville] PHP Warning:  No customer information detected. Order summary was not built or inserted. in /home/xxx/public_html/classes/order.class.php on line 1362
[10-Apr-2019 01:35:13 UTC] PHP Warning:  Invalid Security Token in /home/xxx/public_html/classes/sanitize.class.php on line 155
[10-Apr-2019 16:24:28 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#post_render" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#type" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#markup" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#post_render" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#type" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#markup" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:26:07 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[10-Apr-2019 16:26:25 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700

Link to comment
Share on other sites

The Illegal array key warning may have come from the same IP address. If so, they are the follow-on components of a 2015 exploit against JOOMLA, a content management system (CMS).

The mismatched User Agent (UA) string caused CubeCart to cancel the session info and kill the cookies for that visitor.

Al would have to check to see if any latest versions of CubeCart can exploited with this method.

Link to comment
Share on other sites

There is a Invalid Security Token and No customer information detected. Both of these could happen if the visitor requests pages from CubeCart out of a specific order - as if page requests were randomly being made, probably with a customized payload probing for the exploitable Joomla installation.

CubeCart maintains a security token and includes it on every page that has a submittable form (the POST payload). If a specially constructed POST payload is missing that token or has a stale token, CubeCart logs that event and kills the session.

Should the visitor continue with making page requests and ends up POSTing form data during any step in the checkout process, but now having all session data trashed, CubeCart reports that the order is missing identifying customer info.

The above is the "mess on the floor". When one throws spaghetti against the wall to see what sticks, rarely does the discussion turn to what to do about the "mess on the floor".

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...