Michel_72 Posted October 8, 2022 Posted October 8, 2022 (edited) Hi, I just moved from php7.4 to 8.1 and since then I see some errors in the logs. I tried disabling the few plugins and hooks I use and the errors still persist. What can I do about them? Reoccurring system log entries may be indicative of a problem that should be addressed. A summary of the top reoccurring recent log entries are shown below. Review the system log for further details. Message Count TypeError: Unsupported operand types: string + int (0) #0 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(126): IPS\core\modules\front\search\_search->_results() #1 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Controller.php(118): IPS\core\modules\front\search\_search->manage() #2 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #3 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #4 {main} 292 SELECT main.*, cms_pages.page_ FROM `core_search_index` AS `main` LEFT JOIN `cms_pages` ON cms_pages.page_id=main.index_item_id WHERE ( ( index_class IN('IPS\\core\\Statuses\\Status','IPS\\core\\Statuses\\Reply') ) OR index_class='IPS\cms\Pages\PageItem' OR index_class='IPS\forums\Topic\Post' OR ( index_class IN('IPS\\nexus\\Package\\Item','IPS\\nexus\\Package\\Review') ) ) AND ( ( index_class='IPS\cms\Pages\PageItem' AND cms_pages.page_>=0 ) ) AND ( ( MATCH(index_content,index_title) AGAINST ('' IN BOOLEAN MODE) ) OR ( index_item_index_id=index_id AND index_item_index_id IN ( SELECT index_id FROM `core_search_index_tags` WHERE ( index_tag IN('anders') ) ) ) ) AND ( index_permissions = '*' OR ( FIND_IN_SET(2,index_permissions) ) ) AND index_hidden=0 ORDER BY index_date_created DESC LIMIT 0,25 IPS\Db\Exception: Unknown column 'cms_pages.page_' in 'field list' (1054) #0 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(388): IPS\_Db->preparedQuery() #1 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(446): IPS\Db\_Select->runQuery() #2 [internal function]: IPS\Db\_Select->rewind() #3 /var/www/sat4all.com/webroot/forums/system/Content/Search/Mysql/Query.php(1329): iterator_to_array() #4 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(746): IPS\Content\Search\Mysql\_Query->search() #5 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(126): IPS\core\modules\front\search\_search->_results() #6 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Controller.php(118): IPS\core\modules\front\search\_search->manage() #7 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #8 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #9 {main} 20 SELECT main.*, cms_pages.page_, ((MATCH(index_title) AGAINST ('' IN BOOLEAN MODE)*5)+(MATCH(index_content,index_title) AGAINST ('' IN BOOLEAN MODE)))/POWER(( ( UNIX_TIMESTAMP( NOW() ) - ( CASE WHEN index_date_updated <= UNIX_TIMESTAMP( NOW() ) THEN index_date_updated ELSE 0 END )) / 3600 ) + 2,1.5) AS calcscore FROM `core_search_index` AS `main` LEFT JOIN `cms_pages` ON cms_pages.page_id=main.index_item_id WHERE ( ( index_class IN('IPS\\core\\Statuses\\Status','IPS\\core\\Statuses\\Reply') ) OR index_class='IPS\cms\Pages\PageItem' OR index_class='IPS\forums\Topic\Post' OR ( index_class IN('IPS\\nexus\\Package\\Item','IPS\\nexus\\Package\\Review') ) ) AND ( ( index_class='IPS\cms\Pages\PageItem' AND cms_pages.page_>=0 ) ) AND ( ( MATCH(index_content,index_title) AGAINST ('' IN BOOLEAN MODE) ) OR ( index_item_index_id=index_id AND ( index_item_index_id IN(2682036) ) ) ) AND ( index_permissions = '*' OR ( FIND_IN_SET(2,index_permissions) ) ) AND index_hidden=0 ORDER BY calcscore DESC LIMIT 0,25 IPS\Db\Exception: Unknown column 'cms_pages.page_' in 'field list' (1054) #0 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(388): IPS\_Db->preparedQuery() #1 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(446): IPS\Db\_Select->runQuery() #2 [internal function]: IPS\Db\_Select->rewind() #3 /var/www/sat4all.com/webroot/forums/system/Content/Search/Mysql/Query.php(1329): iterator_to_array() #4 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(746): IPS\Content\Search\Mysql\_Query->search() #5 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(126): IPS\core\modules\front\search\_search->_results() #6 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Controller.php(118): IPS\core\modules\front\search\_search->manage() #7 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #8 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #9 {main} 15 SELECT main.*, cms_pages.page_, ((MATCH(index_title) AGAINST ('' IN BOOLEAN MODE)*5)+(MATCH(index_content,index_title) AGAINST ('' IN BOOLEAN MODE)))/POWER(( ( UNIX_TIMESTAMP( NOW() ) - ( CASE WHEN index_date_updated <= UNIX_TIMESTAMP( NOW() ) THEN index_date_updated ELSE 0 END )) / 3600 ) + 2,1.5) AS calcscore FROM `core_search_index` AS `main` LEFT JOIN `cms_pages` ON cms_pages.page_id=main.index_item_id WHERE ( ( index_class IN('IPS\\core\\Statuses\\Status','IPS\\core\\Statuses\\Reply') ) OR index_class='IPS\cms\Pages\PageItem' OR index_class='IPS\forums\Topic\Post' OR ( index_class IN('IPS\\nexus\\Package\\Item','IPS\\nexus\\Package\\Review') ) ) AND ( ( index_class='IPS\cms\Pages\PageItem' AND cms_pages.page_>=0 ) ) AND ( ( MATCH(index_content,index_title) AGAINST ('' IN BOOLEAN MODE) ) OR ( index_item_index_id=index_id AND index_item_index_id IN ( SELECT index_id FROM `core_search_index_tags` WHERE ( index_tag IN('canaldigitaal') ) ) ) ) AND ( index_permissions = '*' OR ( FIND_IN_SET(2,index_permissions) ) ) AND index_hidden=0 ORDER BY calcscore DESC LIMIT 0,25 IPS\Db\Exception: Unknown column 'cms_pages.page_' in 'field list' (1054) #0 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(388): IPS\_Db->preparedQuery() #1 /var/www/sat4all.com/webroot/forums/system/Db/Select.php(446): IPS\Db\_Select->runQuery() #2 [internal function]: IPS\Db\_Select->rewind() #3 /var/www/sat4all.com/webroot/forums/system/Content/Search/Mysql/Query.php(1329): iterator_to_array() #4 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(746): IPS\Content\Search\Mysql\_Query->search() #5 /var/www/sat4all.com/webroot/forums/applications/core/modules/front/search/search.php(126): IPS\core\modules\front\search\_search->_results() #6 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Controller.php(118): IPS\core\modules\front\search\_search->manage() #7 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(153): IPS\Dispatcher\_Controller->execute() #8 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #9 {main} One specific error: TypeError: flock(): Argument #1 ($stream) must be of type resource, bool given in /var/www/sat4all.com/webroot/forums/system/Theme/Cache/Template.php:90 Stack trace: #0 /var/www/sat4all.com/webroot/forums/system/Theme/Cache/Template.php(90): flock() #1 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(802): IPS\Theme\Cache\_Template->exists() #2 /var/www/sat4all.com/webroot/forums/system/Login/Handler/ButtonHandler.php(42): IPS\_Theme->getTemplate() #3 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(885) : eval()'d code(7631): IPS\Login\Handler\_OAuth2->button() #4 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_front_global->loginPopup() #5 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(885) : eval()'d code(17467): IPS\Theme\_SandboxedTemplate->__call() #6 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_front_global->userBar() #7 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(885) : eval()'d code(6638): IPS\Theme\_SandboxedTemplate->__call() #8 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_front_global->globalTemplate() #9 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(173): IPS\Theme\_SandboxedTemplate->__call() #10 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Standard.php(113): IPS\_Dispatcher->finish() #11 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Front.php(625): IPS\Dispatcher\_Standard->finish() #12 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(155): IPS\Dispatcher\_Front->finish() #13 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #14 {main} #0 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(71): IPS\_Log::log() #1 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(885) : eval()'d code(17467): IPS\Theme\_SandboxedTemplate->__call() #2 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_front_global->userBar() #3 /var/www/sat4all.com/webroot/forums/system/Theme/Theme.php(885) : eval()'d code(6638): IPS\Theme\_SandboxedTemplate->__call() #4 /var/www/sat4all.com/webroot/forums/system/Theme/SandboxedTemplate.php(61): IPS\Theme\class_core_front_global->globalTemplate() #5 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(173): IPS\Theme\_SandboxedTemplate->__call() #6 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Standard.php(113): IPS\_Dispatcher->finish() #7 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Front.php(625): IPS\Dispatcher\_Standard->finish() #8 /var/www/sat4all.com/webroot/forums/system/Dispatcher/Dispatcher.php(155): IPS\Dispatcher\_Front->finish() #9 /var/www/sat4all.com/webroot/forums/index.php(13): IPS\_Dispatcher->run() #10 {main} Edited October 8, 2022 by Michel_72
Mark H Posted October 10, 2022 Posted October 10, 2022 I've moved this topic to the support section, however the admin login details from your client area do not work. The login account does not have permission to the admin panel URL (it's a 403 "Forbidden" error). Please make that account an unrestricted admin, and also allow us to access your admin panel URL.
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) Hi, I was hoping some other community user would have been able to help based on the logs. Acces to the CP and sftp has to be opened manually due to security reasons. It is now accessible from your IP-address. 🙂 Edited October 11, 2022 by Michel_72
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) Looking at the logs one of the errors seems to be related to the UBBthreads convertor The URL of page the error occurred on was https://www.sat4all.com/forums/ubbthreads.php/topics/330061/index2.php?_SERVER[0]=&_SERVER[REMOTE_ADDR]='.system('id').exit().'&option=wrapper&module[module]=1 Edited October 11, 2022 by Michel_72
Marc Posted October 11, 2022 Posted October 11, 2022 Those are erroring as they are not valid UBB URLs and it actually looks like someones attempt to hack your site. I would certainly suggest changing your own username and passwords that are being used on the site, as they are coming from your login, according to the logs
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) Hi Marc, Could you be so kind to (privately) sent me more information about that? I use extremely long generated passwords and never the same password for multiple logins. Nothing is impossible, but it seems unlikely that this is actually what is happening. I have just changed it, 32 characters and rather complex. I think the confusion comes from me clicking some of the error URL's in the logs. I'm quit sure my login has not been compromised 😉 Edited October 11, 2022 by Michel_72
Marc Posted October 11, 2022 Posted October 11, 2022 To be honest, there isnt really anything to sent you privately. If you click on the error log, its under your name. In fact its in what you posted above. So that person was logged in as you. It may be you have clicked a link somewhere, or even an issue on your computer itself being compromised.
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 I was logged in to the ACP and I clicked on this URL: I can reproduce this easily. I click these URL's in the error log within the ACP, I am obviously logged in then so I create a new error in the error log using MY IP and login, which to me seems to be caused by one reason only, me clicking the link myself. There is loads of errors in the logs coming from different IP-addresses and "I presume" guests or different logins. Could you please help clarifying this as I feel we are on the wrong track here, or I am misunderstanding you completely here.... Some proof of better explanation would be nice 🙂
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) As far as I can see these errors all come from different IP's and not using my account: It feels like you are jumping to conclusions here and you sort of scared me by making me think my Mac and/or forum account has been hacked which does not seem likely (but is certainly not impossible) due to all the security measures I take. One example of the IP's from above log: Edited October 11, 2022 by Michel_72
Marc Posted October 11, 2022 Posted October 11, 2022 It will indeed produce the same error if you click the links. Aas they are still the same invalid links. So no matter where you use them from, they would still be invalid and cause errors. However with what is in the errors show (specifically the part at the end from _SERVER[0]) it would indicate someone is likely trying to hack your site. Unsuccessfully I should add. In short, they are erroring correctly, as they should There is no jumping to conclusions here. I am simply reading the URL. "_SERVER[0]=&_SERVER[REMOTE_ADDR]='.system('id').exit().'&option=wrapper&module[module]=1" Someone there has added exit to try and break the script. This is there in the URL. The "error logs" you are now showing are not the same. Those are error logs, not system logs.
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 Ok, so 3 conclusions then? 1. Someone is unsuccessfully trying to hack my website by forming invalid URL's? 2. My invision community account or Mac has not been hacked, this was a mistake caused by me clicking the error urls? 3. Judging the logs there is nothing to worry about, my invision community is working correctly?
Solution Marc Posted October 11, 2022 Solution Posted October 11, 2022 Kind of 1. Someone is unsuccessfully trying to hack my website by forming invalid URL's? Correct 2. My invision community account or Mac has not been hacked, this was a mistake caused by me clicking the error urls? There is no way of knowing that. The only thing we know is they are under your account. Therefore you should change your password as originally mentioned 3. Judging the logs there is nothing to worry about, my invision community is working correctly? Its correctly failing, yes. I suspect once you change your password, they will actually stop happening
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) That conclusion still suggests my account has been used by hackers, which I have found absolutely no proof for whatsoever. Not in the invision community logs, not in the webserver logs. I only found attempts of me intentionally clicking some URL's in the logs which caused new errors in the logs. Something I can still successfully reproduce even now I have changed my account password to a new 32 character long password. Every single time my IP or account showed up in the logs, it was me clicking one of those URL's in the ACP to see what error they would generate. I appreciate you looking into this, but I still think you are wrongfully accusing me of having my account and or computer compromised, which does not seem to be the case at all. Edited October 11, 2022 by Michel_72
Marc Posted October 11, 2022 Posted October 11, 2022 One thing I just thought of. Check to see if the IP against those with your name on is actually your IP 1 minute ago, Michel_72 said: Every single time my IP or account showed up in the logs, it was me clicking one of those URL's in the ACP to see what error they would generate. Ah, unfortunately we didnt actually have this information. That being the case, I would suggest blocking the IPs of those which are not your own IP
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) 38 minutes ago, Michel_72 said: I can reproduce this easily. I click these URL's in the error log within the ACP, I am obviously logged in then so I create a new error in the error log using MY IP and login, which to me seems to be caused by one reason only, me clicking the link myself. There is loads of errors in the logs coming from different IP-addresses and "I presume" guests or different logins. Could you please help clarifying this as I feel we are on the wrong track here, or I am misunderstanding you completely here.... Some proof of better explanation would be nice 🙂 54 minutes ago, Michel_72 said: I think the confusion comes from me clicking some of the error URL's in the logs. I'm quit sure my login has not been compromised 😉 well.... 😉 Edited October 11, 2022 by Michel_72
Michel_72 Posted October 11, 2022 Author Posted October 11, 2022 (edited) No probs, I'm just glad it's sorted 😉 Edited October 11, 2022 by Michel_72
Recommended Posts