Permalinks 404 error for non-existent sub directories

5 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 4, 2018

By gregThomas - July 2, 2018 - edited: July 2, 2018

Hey Greg,

Are these entries from the same IP address (the IP address is listed in the CMSB error log entries)? It might be worth adding a rule to your htaccess to block them if they are:

Order Deny,Allow
Deny from 192.168.1.1

If you're not using the jform POST/GET variable at all, you could also block these requests by adding the following to your newsletter subscription form:

if( isset($_REQUEST['jform']) ) { dieWith404("Permission denied"); } 

Thanks,

Greg

Greg Thomas
PHP Programmer - interactivetools.com

By gversion - July 4, 2018

Hi Greg,

Thanks for the help. It seems all the entries were coming from the same IP (89.161.135.94) and from a bit of Googling I can see that this IP has been listed on spam databases. I have added the following as you suggested so hopefully that will take care of things for the time being:

Order Deny,Allow
Deny from 89.161.135.94

What is the jform POST/GET variable?

Currently my subscription form code is as follows:

<form id="subscribeform" method="post" action="/thankyou-subscription.php" class="form-inline">
<div class="input-group">
<?php if (@$authUserNum): ?>
<?php echo htmlencode($authUserEmail); ?>
<?php else: ?>
<input type="email" id="e" name="e" class="form-control" placeholder="Email address" value="<?php echo htmlencode(@$_REQUEST['e']) ?>" required />
<?php endif ?>
<input type="hidden" name="submitForm" value="1" />
<input type="hidden" name="n" value="<?php echo htmlencode(@$_REQUEST['n']); ?>" /><?php // subscriber num ?>
<input type="hidden" name="a" value="<?php echo htmlencode(@$_REQUEST['a']); ?>" /><?php // subscriber authkey ?>
<input type="hidden" name="m" value="<?php echo htmlencode(@$_REQUEST['m']); ?>" /><?php // message num ?>
<input type="hidden" name="lists[]" value="<?php echo htmlencode($lists[0]['num']); ?>" <?php echo @$checkedAttr; ?> />
<span class="input-group-btn">
<button class="btn btn-success" id="subscribe" name="subscribe" type="submit" value="Update Subscriptions"><strong>Subscribe</strong></button>
</span>
</div>
</form>

If I am not using the jform POST/GET variable then could I just insert your suggested "if" statement above line 3? So it would be as follows:

<form id="subscribeform" method="post" action="/thankyou-subscription.php" class="form-inline">
<div class="input-group">
<?php if( isset($_REQUEST['jform']) ) { dieWith404("Permission denied"); } ?>
<?php if (@$authUserNum): ?>
<?php echo htmlencode($authUserEmail); ?>
....

Thank you for your help.

Regards,

Greg

By gregThomas - July 4, 2018

Hey Greg,

The jForm variable ($_REQUEST['jform']) is something that the scripter is sending in his requests. My guess is it's used by one of the major CMSs' (Joomla, WordPress, etc.) login forms or popular plugins, and he's trying to use a known exploit to gain access to the server or send spam email.

Looking at your code, you're fine to add the die statement to line 3 of the form as you don't use a variable called jform in your form. I'd also recommend adding that line to the top of thankyou-subscription.php, as this is where the data from that form is actually submitted and processed.

Cheers,

Greg

Greg Thomas
PHP Programmer - interactivetools.com
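
An added example, not part of the original posts or the site's code: the single-parameter check suggested above, generalized into an allow-list guard for the top of thankyou-subscription.php. It assumes the field names in the form posted earlier in the thread are the only parameters that page expects; the function names and sample requests are hypothetical, and it answers with plain `http_response_code(404)` instead of CMSB's `dieWith404()` so it runs on its own.

```php
<?php
// Added example, not the site's code. Field names come from the form in the thread.
const ALLOWED_FIELDS = ['e', 'submitForm', 'n', 'a', 'm', 'lists', 'subscribe'];

/**
 * Names of request parameters the subscription form never sends.
 * PHP parses "jform[username]=x" into the top-level key "jform",
 * so comparing top-level keys also catches array-style parameters.
 */
function unexpectedFields(array $request, array $allowed): array
{
    $names = array_map('strval', array_keys($request));
    return array_values(array_diff($names, $allowed));
}

/** Answer 404 and log the offending names if the request carries extras. */
function rejectUnexpectedFields(array $request, array $allowed): void
{
    $extra = unexpectedFields($request, $allowed);
    if ($extra === []) {
        return;
    }
    // Log names only, reduced to a safe character set and length, so a
    // crafted parameter name cannot forge lines in the error log.
    $safe = [];
    foreach ($extra as $name) {
        $safe[] = substr(preg_replace('/[^A-Za-z0-9_\-]/', '?', $name), 0, 40);
    }
    error_log(sprintf('Rejected %s: unexpected fields [%s]',
        $_SERVER['REMOTE_ADDR'] ?? 'unknown', implode(', ', $safe)));
    http_response_code(404);
    exit('Not found');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, for running the check offline.
    $normal = ['e' => 'user@example.com', 'submitForm' => '1', 'lists' => ['3']];
    $probe  = ['jform' => ['username' => 'x'], 'foo' => 'y', 'e' => ''];
    var_dump(unexpectedFields($normal, ALLOWED_FIELDS));
    var_dump(unexpectedFields($probe, ALLOWED_FIELDS));
} else {
    // $_GET + $_POST rather than $_REQUEST: depending on request_order,
    // $_REQUEST can include cookies, which would trip an allow-list.
    rejectUnexpectedFields($_GET + $_POST, ALLOWED_FIELDS);
}
```

If the page legitimately receives other parameters, such as campaign tracking fields, they have to be added to `ALLOWED_FIELDS` or the guard will return 404 for real visitors.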

By gversion - July 4, 2018

Hi Greg,

Thanks for the insight into this. I have added the if statement to the 2 pages so I should be all set now.

Thanks so much again for your support.

Regards,

Greg