Claudia M Posted June 15, 2019

I got these in my error logs and the last ones in my admin System Error Logs. I'm using PHP 7.3 ... Any help is appreciated. Also I had someone abandon their cart yesterday that was going to use PayPal Pro.

[13-Jun-2019 15:50:11 America/Louisville] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/claudias/public_html/classes/cart.class.php on line 1196
[14-Jun-2019 09:25:52 America/Louisville] PHP Warning: Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '' New IP Address: '' Old User Agent: 'Mozilla/5.0 (Linux; Android 8.0.0; ASUS_Z017DC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.67 Mobile Safari/537.36' New User Agent: 'Mozilla/5.0 (Linux; Android 8.0.0; ASUS_Z017DC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.89 Mobile Safari/537.36' in /home/claudias/public_html/classes/session.class.php on line 700
[14-Jun-2019 13:38:33 America/Louisville] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/claudias/public_html/classes/db/database.class.php on line 691
[14-Jun-2019 14:59:56 America/Louisville] PHP Warning: Use of undefined constant cid - assumed 'cid' (this will throw an Error in a future version of PHP) in /home/claudias/public_html/modules/plugins/PayPal_Pro/gateway.class.php on line 470

ADMIN SYSTEM ERROR LOG

File: [catalogue.class.php] Line: [1045] "SELECT SQL_CALC_FOUND_ROWS * FROM `CubeCart_inventory` WHERE `product_id` IN (443,414,416,418,422,423,774,1040,914,917,920,929,939,940,1514,1515) AND CubeCart_inventory.status = '1' AND `live_from` < UNIX_TIMESTAMP() ORDER BY `custom_sort` ASC LIMIT 12 OFFSET 2.6545345345453E+14;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2.6545345345453E+14' at line 1

bsmither Posted June 15, 2019

The count() messages are a known issue.

The Stored session data message is when CubeCart sees two different browsers using the same cookie. CubeCart considers this possibly malevolent and will kill the session (logging you out) and log the warning. A different browser includes updating the browser -- Chrome had a minor update.

The undefined constant issue has just now been posted in the Github.

The SQL error is interesting. It would be fun to search the web access logs to find the time-matched URL string. I suspect it was a search-based URL where the querystring part included:

&page=100000000000000000000000000000000000000000000000000000000000000000000000000

which got rewritten into scientific notation.

Claudia M Posted June 15, 2019

"[14-Jun-2019 14:59:56 America/Louisville] PHP Warning: Use of undefined constant cid - assumed 'cid' (this will throw an Error in a future version of PHP) in /home/claudias/public_html/modules/plugins/PayPal_Pro/gateway.class.php on line 470"

Can I go ahead and make the changes you suggested in the GitHub?

"The SQL error is interesting. It would be fun to search the web access logs to find the time-matched URL string. I suspect it was a search-based URL where the querystring part included: &page=100000000000000000000000000000000000000000000000000000000000000000000000000 which got rewritten into scientific notation."

Could it be any of these? The time of the error was Yesterday, 13:38 (there wasn't anything for that exact time, 13:38)

157.55.39.35 - - [14/Jun/2019:07:38:14 +0100] "GET /images/source/lunchboxes-and-thermos/strawberry-shortcake-lunchbox-with-thermos/06-vintage-strawberry-shortcake-lunchbox-with-thermos-bottom.jpg HTTP/1.1" 200 101555 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.36.150.25 - - [14/Jun/2019:07:38:57 +0100] "GET /images/source/telephones/tel209/05-beige-gte-starlite-telephone-left.jpg HTTP/1.1" 301 241 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
54.36.148.233 - - [14/Jun/2019:09:38:30 +0100] "GET /images/source/bowl-short-pedestal-footed/01-vintage-short-footed-diamond-point-ruby-flash-bowl-front.jpg HTTP/1.1" 200 63795 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
54.36.149.70 - - [14/Jun/2019:12:38:02 +0100] "GET /vintage-1949-parson-s-jersey-dairy-quart-milk-bottle.html HTTP/1.1" 200 15635 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
54.36.150.164 - - [14/Jun/2019:14:38:05 +0100] "GET /organization-and-storage.html HTTP/1.1" 200 15103 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
66.249.70.7 - - [14/Jun/2019:15:38:08 +0100] "GET /log-cabin-bicentennial-eagle-pancake-syrup-brown-bottle.html HTTP/1.1" 200 16523 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

bsmither Posted June 15, 2019

Yes.

No. But be careful of timezone differences.

Claudia M Posted June 15, 2019

How about this?

66.249.64.141 - - [14/Jun/2019:16:38:52 +0100] "GET /cache/0873f.js_foot.cbquick-620_20190130185210.js HTTP/1.1" 404 13 "https://www.claudiasbargains.com/incense-gift-sets.html?_a=category&sort%5Bcustom_sort%5D=ASC" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

bsmither Posted June 15, 2019

That is a "custom_sort" URL, but this particular request (made from incense-gift-sets) is for the (combined) cached javascript file that does not exist (404).

Claudia M Posted June 15, 2019

I think this might be it

24.51.244.139 - - [14/Jun/2019:18:38:14 +0100] "GET /images/source/tools-locks-scales/bone-saw/04-old-bone-saw-handle-back.jpg HTTP/1.1" 200 47133 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
132.148.132.7 - - [14/Jun/2019:18:38:30 +0100] "GET /tools-and-locks.html?page=2'\" HTTP/1.1" 200 89912 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:31 +0100] "GET /tools-and-locks.html?page=2 HTTP/1.1" 200 79856 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:32 +0100] "GET /tools-and-locks.html?page=22121121121212.1 HTTP/1.1" 200 74625 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:34 +0100] "GET /tools-and-locks.html?page=2%20and%201%3D1 HTTP/1.1" 200 89654 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:35 +0100] "GET /tools-and-locks.html?page=2%20and%201%3E1 HTTP/1.1" 200 89654 "-" "-"
54.36.148.63 - - [14/Jun/2019:18:38:35 +0100] "GET /vintage-ornate-brass-and-copper-metal-pitcher-mug-creamer.html HTTP/1.1" 200 16325 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
54.36.150.90 - - [14/Jun/2019:18:38:36 +0100] "GET /purepac-blue-stone-copper-sulfate-weed-control-tin.html HTTP/1.1" 200 16653 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
132.148.132.7 - - [14/Jun/2019:18:38:36 +0100] "GET /tools-and-locks.html?page=2%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 90326 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:37 +0100] "GET /tools-and-locks.html?page=2%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 90328 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:39 +0100] "GET /tools-and-locks.html?page=2\"%20and%20\"x\"%3D\"x HTTP/1.1" 200 90326 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:40 +0100] "GET /tools-and-locks.html?page=2%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 90326 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:41 +0100] "GET /tools-and-locks.html?page=2%20AND%201=1 HTTP/1.1" 200 89754 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:45 +0100] "GET /tools-and-locks.html?page=2999999.1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1 HTTP/1.1" 200 90406 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:46 +0100] "GET /tools-and-locks.html?page=299999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x HTTP/1.1" 200 90881 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:47 +0100] "GET /tools-and-locks.html?page=299999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x HTTP/1.1" 200 90983 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:49 +0100] "GET /tools-and-locks.html?page=2%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 HTTP/1.1" 200 92601 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:50 +0100] "GET /tools-and-locks.html?page=2%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x HTTP/1.1" 200 93123 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:51 +0100] "GET /tools-and-locks.html?page=2%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x HTTP/1.1" 200 93123 "-" "-"

bsmither Posted June 15, 2019

It looks like 132.148.132.7 is doing some penetration testing.
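
An added example (not code from either poster or from CubeCart) of the time-matching discussed in this thread: it converts the 13:38:33 America/Louisville error-log time to the access log's +0100 timestamps and checks which nearby `page` value reproduces the OFFSET in the failed query. The fixed UTC-4 offset for Louisville in June and the pagination formula `(page - 1) * per_page` are assumptions; the log lines are copied from the excerpts posted above.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Assumption: America/Louisville was on EDT (UTC-4) in June 2019; fixed offset, no tz database.
EDT = timezone(timedelta(hours=-4))
ERROR_TIME = datetime(2019, 6, 14, 13, 38, 33, tzinfo=EDT)  # PHP error-log entry in the 13:38 minute
LOGGED_OFFSET = "2.6545345345453E+14"  # OFFSET value in the failed query
PER_PAGE = 12                          # LIMIT value in the failed query

# Access-log lines copied from the excerpts posted in the thread.
ACCESS_LOG = """\
66.249.70.7 - - [14/Jun/2019:15:38:08 +0100] "GET /log-cabin-bicentennial-eagle-pancake-syrup-brown-bottle.html HTTP/1.1" 200 16523 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
132.148.132.7 - - [14/Jun/2019:18:38:31 +0100] "GET /tools-and-locks.html?page=2 HTTP/1.1" 200 79856 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:32 +0100] "GET /tools-and-locks.html?page=22121121121212.1 HTTP/1.1" 200 74625 "-" "-"
132.148.132.7 - - [14/Jun/2019:18:38:34 +0100] "GET /tools-and-locks.html?page=2%20and%201%3D1 HTTP/1.1" 200 89654 "-" "-"
""".splitlines()

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) ')

def near_error(lines, error_time=ERROR_TIME, window=timedelta(seconds=5)):
    """Return (ip, time, page) for requests carrying a page parameter near the error."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, target = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")  # aware, so zones compare
        page = parse_qs(urlsplit(target).query).get("page")
        if page and abs(when - error_time) <= window:
            hits.append((ip, when, page[0]))
    return hits

def offset_as_logged(page, per_page=PER_PAGE):
    """Assumed pagination: OFFSET = (page - 1) * per_page, printed with 14 significant digits."""
    try:
        return "%.14G" % ((float(page) - 1) * per_page)
    except ValueError:
        return None  # not numeric at all, e.g. "2 and 1=1"

def matching_requests(lines=ACCESS_LOG):
    """Requests near the error whose page value reproduces the logged OFFSET."""
    return [hit for hit in near_error(lines) if offset_as_logged(hit[2]) == LOGGED_OFFSET]

if __name__ == "__main__":
    for ip, when, page in matching_requests():
        # -> 132.148.132.7 2019-06-14T13:38:32-04:00 page=22121121121212.1
        print(ip, when.astimezone(EDT).isoformat(), "page=" + page)
```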

Claudia M Posted June 16, 2019

Should I do anything? Is this bad? It's a GoDaddy IP.

bsmither Posted June 16, 2019

Nothing one can do about it. One just relies on the programmer to code things in such a way as to render impotent such shenanigans.

It's only bad if it succeeds.

Claudia M Posted June 16, 2019

Thanks Brian. I'm just going to empty my error log.

Claudia M Posted June 21, 2019

[13-Jun-2019 15:50:11 America/Louisville] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/claudias/public_html/classes/cart.class.php on line 1196

"The count() messages are a known issue."

Has this been reported to the Github? Any idea when it will get fixed? I keep getting the warning.

Thanks,
Claudia

bsmither Posted June 21, 2019

PHP documentation says:

Warning: count(): Parameter must be an array or an object that implements Countable in … // as of PHP 7.2

I think there is another instance of this. But, an edit:

/classes/cart.class.php, line 1196:

From:
if (count($this->basket['contents']) == 0) {

To:
if (empty($this->basket['contents'])) {

To me, using empty is easier than checking for a count of zero - which is an empty array.
Archived
This topic is now archived and is closed to further replies.