TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

April 19, 2024, 10:50:18 PM

Login with username, password and session length

Stats

Members
  • Total Members: 3,885
  • Latest: Growner
Stats
  • Total Posts: 195,165
  • Total Topics: 21,219
  • Online today: 266
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 1
  • Guests: 139
  • Total: 140
  • @rjen

help me understand error related to TP?

Started by brynn, May 21, 2017, 09:11:54 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

brynn

May 21, 2017, 09:11:54 PM Last Edit: May 24, 2017, 03:06:40 PM by brynn
Hi Friends,
I never have understood very well, the different kinds of errors that show up in the SMF Error Log.  But I've got one critical error which has me worried.  It looks like maybe someone tried to hack into TP. At least that's my newbie interpretation. (Newbie as far as the error log.)

I apologize if this is really an SMF problem.  I'm not sure how to tell.  But since TPortal.php is the affected file, it makes me think it's about TP.

Here's the info you request:

Link to my site: https://forum.inkscapecommunity.com/index.php
SMF version: 2.0.13  (I just noticed there's an upgrade, but it gives me some errors on installation, and I need to try and fix those.  I used to have help with that, but not anymore.  So it will take me a little time to sort it out.)
TP version: 1.2
Default Forum Language: English
Theme name and version: Aqua Style 2.0
Browser Name and Version: Firefox 53.02 (32-bit, although I'm not sure why it's not 64-bit...I'll have to investigate)
Mods installed: around 40 mods, could make a list if really necessary
Related Error messages: not sure which part you need, see below for whole thing

The user shown is Guest, with an IP address.

-- May 16, 2017, 08:32:55 AM
-- 6af5026145a777d4cc9376977682d3cc
-- Type of error: Critical

-- https://forum.inkscapecommunity.com/index.php?cat=1;p=12121121121212.1
-- Wrong value type sent to the database. Integer expected. (start)
Function: doTPcat
-- File: /home/brynn/public_html/forum/Sources/TPortal.php
-- Line: 1039

Is that something I need to be worried about?  Is there something I should do about it?

Thank you very much  :)

VladTepes

#1
May 22, 2017, 06:09:49 AM
What's in line 1039 of File: /home/brynn/public_html/forum/Sources/TPortal.php
and what is it related to?

(eg can you see from the area of that file what that might be a response to?)  It is likely that the code will show where it is getting a variable from, that may in turn lead to what caused it.

I'm a rank amateur too, but that's where I'd start looking.

illori

#2
May 22, 2017, 10:16:03 AM
looks to me like someone just trying to put in a value in the URL that does not exist and is not correct and as a result it gave an error. i would not worry about it unless it keeps happening from the same ip address.

brynn

#3
May 24, 2017, 02:58:23 PM
Thanks both illori and VladTepes  :)

Do you mean someone just typing a wrong URL can produce a critical error?

When I first contacted you the other day, it was just one error.  Now there are 9.  They're all identical, except for the IP and the string of numbers under the date. 

And I see lurkalot managed to produce it! So maybe all those new ones are people from this forum testing it?

Well I'm glad to hear it's not a serious problem (like a hacker or something broken).

Thanks again  :)

Edit - I don't know php code, but out of curiosity I looked up line 1039.  It appears to be the end of a section.  The entire line is
Code Select
);

VladTepes

#4
June 05, 2017, 07:17:00 AM
Oh and by the way in regard to your line in the OP

QuoteBrowser Name and Version:  Firefox 53.02 (32-bit, although I'm not sure why it's not 64-bit...I'll have to investigate)

It would pay to consider if an "upgrade" is worthwhile, or perhaps even adverse.
https://www.raymond.cc/blog/mozilla-firefox-64bit-build-performance-compared-to-32bit/

brynn

#5
October 01, 2017, 03:54:37 PM
Hi again
I'm still getting this error repeatedly, almost always by the same IP address, or maybe same few, but specifically one hits it a lot.  One of them typically hits it 6 or 8 times a day, anywhere from 20 minutes to 50 minutes apart.  Then the next few days, they produce the error 0 to 4 times (per day), then it will be a week or 2 with nothing, and then the same cycle happens again.  The other IP addresses probably hit it half that much.

I know Illori said last time not to worry unless it's always the same address.  And it does seem to always be the same -- at least one is always the same.  I'm pretty sure the others repeat too, but I didn't write them down to be sure.

If I could only figure out what link they are clicking, I think I would feel better.  But I don't think it is a link, that they aren't really human visitors, and that there's some script behind it.  It's always the exact same error message, from the exact same IP address (maybe more).  Well, there's one variation on it with a different URL and different Line in the code.  But it's mostly one of them.

I tried looking up the IP address in whois, and it's reg'd to wowrack.com, which looks like a regular webhost, related to Tucows, which I know is reputable.  So that doesn't seem so bad.  But why would they be scripting into my site, to a URL which they've been informed probably hundreds of times by now, produces an error?

Ooh...my domain registrar is Hover, which I think is related to Tucows as well....it seems like I saw that somewhere.  But why would the registrar do this?  If I only knew what "this" is!  Doesn't anyone else get this error?  And equally gnawing question, why is it aimed at TP?  Or is it only TP that is reporting it?

I tried searching the end part of the url, which doesn't include my domain, but no luck there.  No full matches.

Do you think I should just block them?  Or is there some way to find more about it first?  I have analytics, but so far, I haven't seen the errors on the same day they happen.  And the analytics seem to only be saved for a day.  (Well, I know I can save logs if I want.  I just haven't done it yet.)

Anyway, should I still not worry?  Or should I worry a little?

Thanks for your help  :)

Skhilled

#6
November 08, 2017, 02:40:29 PM
brynn, I'm no expert on this but because the same IP address keeps causing the same error it suggests some sort of bot. I'd start by searching the IP address at the following three sites to see if it is in their spammer/hacker databases:

https://stopforumspam.com/search

https://www.projecthoneypot.org/search_ip.php

https://www.spamhaus.org/lookup/

If the IP address is listed there then you know to ban the IP.

Now, the link in the error is strange, mostly the page number. I think that is in the trillions...who has that many pages? It appears that they are trying to cause an exploit by going over the allowed number of pages. I've been using TP and a Beta Tester for many years and have never thought TP could go that high.

You also are not using current versions of SMF or TP. Hackers love to target outdated software. So, even if you can't find out who or what is causing this you should always keep your software updated!
Print
Go Up Pages1
User actions