Tony
Posted February 21, 2021

I have this coming up under Admin Console -> Reporting -> Statistics -> Users Online

Both of these IPs seem to be coming from search engines. But where are they hitting these 404s from? There seems to be no way for me to find it unless I dig into the access_log.

Is there a quick way for me to find what link they are going to that resulted in these 404s, so I can resolve this?

Thanks,
bsmither
Posted February 21, 2021

Try this:

/classes/session.class.php, find near line 631:

```php
'location' => currentPage(),
```

Change to:

```php
// REQUEST_URI is client-supplied and is rendered as HTML (note the <br />), so escape it first
'location' => currentPage() . (strpos(currentPage(),"_a=404")!==false ? "<br />Real:".htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') : ""),
```
Tony (Author)
Posted February 21, 2021

Thanks for that. I also saw your post in Github with additional codes - I have edited both codes and it doesn't show where it came from, so I assume it's hitting the 404s for no reason?

But as a test, I typed in a random URL and it did show the path, which is helpful, so that's good. I'm still however puzzled as to why they're hitting the 404 with no path...

https://github.com/cubecart/v6/issues/2794 for reference.
bsmither
Posted February 21, 2021

If you can get access to the web access logs, find a suspicious GET request and we can go from there.

(Maybe that is exactly what the request actually is? If that is the case, then the 'Real' URI would also be index.php?_a=404, not blank.)
Tony (Author)
Posted February 21, 2021

Next time it comes up, I'll dive into the access_log and see if I can find anything - if I do, will share here.
Tony (Author)
Posted February 21, 2021

First one popped up:

Real:/robots.txt

Oh yes, I don't have it. Will get this sorted.

While digging through the access_log...

There are lines to a /wp-login.php and also /wp-admin/admin-ajax.php - ha, no chance.

But this is interesting:

/admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png

I do not have that, not even in my CubeCart 6.4.2 install. It says it came from admin_xxxx/skins/default/js/styles/styles.php but it's not there, same with the CSS file as far as I can see.

It's the same for the following:

- ui-bg_glass_75_dadada_1x400.png
- ui-bg_glass_55_fbf9ee_1x400.png
- ui-bg_glass_75_e6e6e6_1x400.png
- ui-bg_highlight-soft_75_cccccc_1x100.png
- ui-icons_222222_256x240.png
- ui-bg_flat_75_ffffff_40x100.png

And also for elsewhere from Apple's browser:

- /apple-touch-icon-120x120-precomposed.png
- /apple-touch-icon-120x120.png
- /apple-touch-icon-precomposed.png
- /apple-touch-icon.png

I think I might need to make icons for that to keep Apple's fanboi happy.

8 minutes ago, Tony said:
> But this is interesting
> /admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png

Found similar bug report - https://github.com/cubecart/v6/issues/1664 so I will raise a new bug report.
bsmither
Posted February 21, 2021

Perhaps! a previous version of CubeCart used those image files, but a current version does not.

Which begs the question, does your site use .htaccess files, and does the .htaccess file have the following contents:

```apache
## Override default 404 error document for missing page resources ##
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$">
  ErrorDocument 404 "<html></html>
</FilesMatch>
```

This was added so that the ErrorDocument 404 /index.php directive does not "wake up" CubeCart for page resources that aren't there.

Along with the following, maybe this needs to be added as well:

```apache
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteCond %{REQUEST_URI} !=/robots.txt
```

The files /wp-login.php and /wp-admin/admin-ajax.php are probable vectors for infiltrating and compromising WordPress installations.
Tony (Author)
Posted February 21, 2021

18 minutes ago, bsmither said:
> Perhaps! a previous version of CubeCart used those image files, but a current version does not.

I have not done any upgrades at all. This was a new & clean installation of v6.4.2 so something within the files must be still requesting this. Still, my bug report should resolve this anyway.

19 minutes ago, bsmither said:
> Which begs the question, does your site use .htaccess files, and does the .htaccess file have the following contents:
>
> ```apache
> ## Override default 404 error document for missing page resources ##
> <FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$">
>   ErrorDocument 404 "<html></html>
> </FilesMatch>
> ```

Yes, it exists - I didn't add it so CubeCart must have done so from a new installation of v6.4.2.
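Added example, not part of the original thread and not CubeCart code: a small access_log triage that lists every 404 by client IP, path and referer, and sorts each one by whether the FilesMatch rule quoted above would answer it or whether it would fall through to CubeCart and show up in Users Online. The log lines, IP addresses, host name and category labels are constructed for illustration, and the log is assumed to be in Apache "combined" format.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not taken from the poster's real log).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Feb/2021:10:01:02 +0000] "GET /robots.txt HTTP/1.1" 404 512 "-" "ExampleBot/1.0"
203.0.113.7 - - [21/Feb/2021:10:01:05 +0000] "GET /apple-touch-icon.png HTTP/1.1" 404 13 "-" "ExampleBot/1.0"
198.51.100.9 - - [21/Feb/2021:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Feb/2021:10:02:12 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [21/Feb/2021:10:03:00 +0000] "GET /admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png HTTP/1.1" 404 13 "https://shop.example/admin_xxxxx/skins/default/js/styles/styles.php" "Mozilla/5.0"
192.0.2.44 - - [21/Feb/2021:10:03:01 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# ip, request method, request path, status code, referer
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)"')
# Same extension list as the FilesMatch block quoted in the thread.
STATIC = re.compile(r'\.(gif|jpe?g|png|ico|css|js|svg)$')

def classify(path):
    """Label a 404'd path (labels are this example's own, not CubeCart's)."""
    path = path.split('?', 1)[0]          # ignore any query string
    if path.startswith(('/wp-login.php', '/wp-admin/')):
        return 'wordpress-probe'          # no WordPress here; still reaches index.php
    if STATIC.search(path):
        return 'static-404'               # answered by the FilesMatch ErrorDocument
    return 'cubecart-404'                 # falls through to ErrorDocument 404 /index.php

def report_404s(log_text):
    """Count 404 responses keyed by (ip, path, label, referer)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(4) != '404':
            continue
        ip, _method, path, _status, referer = m.groups()
        hits[(ip, path, classify(path), referer)] += 1
    return hits

if __name__ == "__main__":
    for (ip, path, label, referer), n in sorted(report_404s(SAMPLE_LOG).items()):
        print(f"{n:3d} {label:16s} {ip:15s} {path}  (referer: {referer})")
```

A non-empty referer on a `static-404` row, as in the styles.php case above, points at the page that still links to the missing file.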
Archived
This topic is now archived and is closed to further replies.