Jump to content
Sign in to follow this  
Claudia M

Found these in my Error Log

Recommended Posts

I found these in the cPanel error log.  Any idea what they mean?  What should I do to quit getting them as I got the same ones yesterday too.  Thanks in advance for any and all help.

I replaced my database name with xxx

Claudia

 

10-Apr-2019 01:19:57 UTC] PHP Warning:  Invalid Security Token in /home/xxx/public_html/classes/sanitize.class.php on line 155
[10-Apr-2019 01:21:01 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '91.121.222.157' New IP Address: '91.121.222.157' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[09-Apr-2019 21:32:46 America/Louisville] PHP Warning:  No customer information detected. Order summary was not built or inserted. in /home/xxx/public_html/classes/order.class.php on line 1362
[10-Apr-2019 01:35:13 UTC] PHP Warning:  Invalid Security Token in /home/xxx/public_html/classes/sanitize.class.php on line 155
[10-Apr-2019 16:24:28 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#post_render" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#type" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#markup" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#post_render" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#type" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:24:55 UTC] PHP Warning:  Security Warning: Illegal array key "#markup" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 114
[10-Apr-2019 16:26:07 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700
[10-Apr-2019 16:26:25 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '192.99.4.102' New IP Address: '192.99.4.102' Old User Agent: '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:" in /home/xxx/public_html/classes/session.class.php on line 700

Share this post


Link to post
Share on other sites

The Illegal array key warning may have come from the same IP address. If so, they are the follow-on components of a 2015 exploit against JOOMLA, a content management system (CMS).

The mismatched User Agent (UA) string caused CubeCart to cancel the session info and kill the cookies for that visitor.

Al would have to check to see if any latest versions of CubeCart can exploited with this method.

Share this post


Link to post
Share on other sites

You might drop a note to your hosting provider. Advise them there have been probes against your site attempting to discover an exploitable Joomla installation.

But probes happen. Not much you can do about it.

Share this post


Link to post
Share on other sites

There is a Invalid Security Token and No customer information detected. Both of these could happen if the visitor requests pages from CubeCart out of a specific order - as if page requests were randomly being made, probably with a customized payload probing for the exploitable Joomla installation.

CubeCart maintains a security token and includes it on every page that has a submittable form (the POST payload). If a specially constructed POST payload is missing that token or has a stale token, CubeCart logs that event and kills the session.

Should the visitor continue with making page requests and ends up POSTing form data during any step in the checkout process, but now having all session data trashed, CubeCart reports that the order is missing identifying customer info.

The above is the "mess on the floor". When one throws spaghetti against the wall to see what sticks, rarely does the discussion turn to what to do about the "mess on the floor".

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...