Tracing the 404s


I have this coming up under Admin Console -> Reporting -> Statistics -> Users Online

[Screenshot]

Both of these IPs seem to be coming from search engines. But where are they hitting these 404s from? There seems to be no way for me to find it unless I dig into the access_log.

Is there a quick way for me to find which link they are going to that resulted in these 404s, so I can resolve this?

Thanks,


Try this:

/classes/session.class.php, find near line 631:

'location' => currentPage(),

Change to:

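// REQUEST_URI is client-controlled; escape it before it reaches the admin report.
'location' => currentPage() . (strpos(currentPage(), "_a=404") !== false ? "<br />Real:" . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') : ""),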

 


Thanks for that.

I also saw your post on GitHub with additional code - I have edited both pieces of code and it doesn't show where it came from, so I assume it's hitting the 404s for no reason?

But as a test, I typed in a random URL and it did show the path, which is helpful, so that's good.

I'm still however puzzled as to why they're hitting the 404 with no path...

https://github.com/cubecart/v6/issues/2794 for reference.

Edited by Tony

If you can get access to the web access logs, find a suspicious GET request and we can go from there. (Maybe that is exactly what the request actually is? If that is the case, then the 'Real' URI would also be index.php?_a=404, not blank.)

Edited by bsmither

First one popped up

Real:/robots.txt

Oh yes, I don't have it. 😄 Will get this sorted.

While digging through the access_log...

There are lines to a /wp-login.php and also /wp-admin/admin-ajax.php - ha, no chance.

But this is interesting

/admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png

I do not have that, not even in my CubeCart 6.4.2 install. It says it came from admin_xxxx/skins/default/js/styles/styles.php but it's not there, same with the CSS file as far as I can see.

It's the same for the following:
 

ui-bg_glass_75_dadada_1x400.png
ui-bg_glass_55_fbf9ee_1x400.png 
ui-bg_glass_75_e6e6e6_1x400.png
ui-bg_highlight-soft_75_cccccc_1x100.png
ui-icons_222222_256x240.png
ui-bg_flat_75_ffffff_40x100.png

And also for elsewhere from Apple's browser.

/apple-touch-icon-120x120-precomposed.png
/apple-touch-icon-120x120.png
/apple-touch-icon-precomposed.png
/apple-touch-icon.png

I think I might need to make icons for that to keep Apple's fanboi happy.

8 minutes ago, Tony said:

But this is interesting

/admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png

Found similar bug report - https://github.com/cubecart/v6/issues/1664 so I will raise a new bug report

Edited by Tony
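
One way to do the access_log digging from the post above in a single pass, as an added example that is not part of the thread or of CubeCart. It assumes Apache's combined log format; the function names, bucket names and sample log lines are constructed for illustration.

```python
import re

# Apache "combined" format: ip - user [time] "METHOD path PROTO" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Same extensions as the FilesMatch rule quoted in the thread.
ASSET = re.compile(r'\.(gif|jpe?g|png|ico|css|js|svg)$', re.I)

def classify(path):
    """Triage bucket for a missing path (bucket names are this example's own)."""
    if path.startswith('/wp-'):
        return 'probe'        # WordPress paths requested from a non-WordPress site
    if path in ('/robots.txt', '/favicon.ico') or path.startswith('/apple-touch-icon'):
        return 'well-known'   # fetched by crawlers/browsers without any link to them
    if ASSET.search(path):
        return 'asset'        # the Referer shows which page or stylesheet asked for it
    return 'page'

def find_404s(lines):
    """Map each path logged with status 404 to its count, bucket and referers."""
    hits = {}
    for line in lines:
        m = COMBINED.match(line)
        if not m or m['status'] != '404':
            continue
        path = m['path'].split('?', 1)[0]
        hit = hits.setdefault(path, {'count': 0, 'bucket': classify(path),
                                     'referers': set()})
        hit['count'] += 1
        if m['referer'] not in ('', '-'):
            hit['referers'].add(m['referer'])
    return hits

# Constructed sample lines (documentation IPs, made-up host and timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2021:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 404 512 "-" "ExampleBot/1.0"',
    '192.0.2.10 - - [01/Mar/2021:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 8000 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [01/Mar/2021:10:02:11 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [01/Mar/2021:10:05:40 +0000] "GET /admin_xxxxx/skins/default/js/styles/images/ui-icons_454545_256x240.png HTTP/1.1" 404 13 "https://shop.example/admin_xxxxx/skins/default/js/styles/styles.php" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2021:10:06:02 +0000] "GET /apple-touch-icon.png HTTP/1.1" 404 13 "-" "Safari"',
    '203.0.113.9 - - [01/Mar/2021:10:06:03 +0000] "GET /apple-touch-icon.png HTTP/1.1" 404 13 "-" "Safari"',
]

if __name__ == '__main__':
    for path, hit in sorted(find_404s(SAMPLE_LOG).items(), key=lambda kv: -kv[1]['count']):
        print(hit['count'], hit['bucket'], path, sorted(hit['referers']) or '-')
```

To run it against a real log, pass an open access_log file object to find_404s in place of SAMPLE_LOG.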

Perhaps a previous version of CubeCart used those image files, but a current version does not.

Which begs the question, does your site use .htaccess files, and does the .htaccess file have the following contents:

## Override default 404 error document for missing page resources ##
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$">
  ErrorDocument 404 "<html></html>
</FilesMatch>

This was added so that the ErrorDocument 404 /index.php directive does not "wake up" CubeCart for page resources that aren't there.

Along with the following, maybe this needs to be added as well:

RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteCond %{REQUEST_URI} !=/robots.txt

The files /wp-login.php and /wp-admin/admin-ajax.php are probable vectors for infiltrating and compromising WordPress installations.

18 minutes ago, bsmither said:

Perhaps a previous version of CubeCart used those image files, but a current version does not.

I have not done any upgrades at all. This was a new & clean installation of v6.4.2 so something within the files must be still requesting this. Still, my bug report should resolve this anyway.

19 minutes ago, bsmither said:

Which begs the question, does your site use .htaccess files, and does the .htaccess file have the following contents:

## Override default 404 error document for missing page resources ##
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$">
  ErrorDocument 404 "<html></html>
</FilesMatch>

Yes, it exists - I didn't add it so CubeCart must have done so from a new installation of v6.4.2.
