I am getting a few of these errors in my error log. Just curious what it's pertaining to.

Patrick
ECT 7.4.8
PHP 8.0.17

AH01071: Got error 'PHP message: PHP Warning: Undefined variable $jscript in /var/www/vhosts/XXXXXXXX.com/httpdocs/vsadmin/inc/incclientlog.php on line 1218PHP message: PHP Warning: Undefined variable $qetype in /var/www/vhosts/XXXXXX.com/httpdocs/vsadmin/inc/incclientlog.php on line 1228PHP message: PHP Warning: Undefined variable $qetype in /var/www/vhosts/XXXXXXXX.com/httpdocs/vsadmin/inc/incclientlog.php on line 1230PHP message: PHP Warning: Undefined variable $qetype in /var/www/vhosts/XXXXXXXX.com/httpdocs/vsadmin/inc/incclientlog.php on line 1232PHP message: PHP Warning: Undefined variable $qetype in /var/www/vhosts/XXXXXXXXX.com/httpdocs/vsadmin/inc/incclientlog.php on line 1234', referer: https://www.XXXXXXXXX.com/vsadmin/admin.php

Hi Patrick
Yes, that seems to be an uninitialised variable but as it's at the end of the file it kind of escapes attention. I've fixed it now and added the fix to the updater. Thanks for pointing it out!!

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks Vince

I just noticed two others but I'm sure they are not ECT issues. Just curious what they might pertain to.

[client 20.106.131.188] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "290"] [id "77141064"] [msg "IM360 WAF: CMS Recon Bot detected||MVN:REQUEST_FILENAME||T:APACHE||MV:/xmlrpc.php||RM:GET"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] Warning. String match "xmlrpc.php" at REQUEST_FILENAME. [hostname "www.XXXXXX.com"] [uri "/xmlrpc.php"] [unique_id "YlGP7yU9CuZD0fQgJdVDBQAAAAM"]

[client 20.106.131.188] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "529"] [id "77317945"] [msg "IM360 WAF: Really Simple Discovery to xmlrpc||MVN:ARGS||MV:1||T:APACHE||"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] Warning. Operator GT matched 0 at ARGS. [hostname "www.XXXXXX.com"] [uri "/xmlrpc.php"] [unique_id "YlGP7yU9CuZD0fQgJdVDBQAAAAM"]

Nothing to worry about there, that's ModSecurity reporting on an attempt to access a WordPress file named xmlrpc.php. That's a very common attack vector as a successful attempt there could allow a malicious user to take control of a WordPress site. Most WordPress sites don't use that file any more, so even if you did run WordPress you could disable or even delete it (it's used for things like trackbacks/pingbacks, publishing content remotely via the WordPress mobile app etc, and has been superseded by the REST API); the site run will run fine without it.

The source is a Microsoft IP address, so could be Microsoft gathering information on who is using what, but more likely a malicious user operating from Microsoft Azure, as these big cloud hosts are a popular home for hacker types. Given the other requests from the same address, all searching various locations for a WordPress install to attack, that seems more probable.

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com

Thanks for the clarification Peter

Patrick

You're welcome

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com