Removing Errors from our site - /includes/templates/classic/css/none

As the title says - we've been trawling through our servers error logs and we seem to get a lot of error hits for the file [our address]/includes/templates/classic/css/none

There is no "none" file in that folder, why does this show up?

Thanks in advance for your input

I posted this first in the "other" section which was probably wrong.

As the title says - we've been trawling through our servers error logs and we seem to get a lot of error hits for the file [our address]/includes/templates/classic/css/none

There is no "none" file in that folder, why does this show up?

Thanks in advance for your input

Is the ip address your own or someone elses ? Does it have a referrer ?

There are two class files that could refere to a "non"

admin/includes/classes/phplot.php (which would be you)

includes/classes/shopping_cart.php

which has something to do with file uploads.

Quote:

---

Originally Posted by MattyMatt

There are two class files that could refere to a "non"

admin/includes/classes/phplot.php (which would be you)

includes/classes/shopping_cart.php

which has something to do with file uploads.

---

Neither of those is relevant to stylesheets.

Quote:

---

Originally Posted by DrByte

Neither of those is relevant to stylesheets.

---

I know, but they do reference directory structure and "none" (not non), in shopping_cart we have

$_POST[UPLOAD_PREFIX . $i]] != 'none'

and in upload.php we also have

( zen_not_null($file['tmp_name']) && ($file['tmp_name'] != 'none') && is_uploaded_file($file['tmp_name']) )

and me being the paranoid type, I've looked at the stylesheet section and there appears to be no "none" sub-directory reference anywhere, but there could be some experimentation going on with trying to set the UPLOAD_PREFIX or file['tmp_name'], I can't find any other explanation unless someone has built a theme that references "none" in the classic template which sounds more far fetched.

Are you hosted on a Windows Server? I think that is the Windows way of reporting an error; i.e. none - instead of file not found.

Quote:

---

Originally Posted by MattyMatt

I know, ...

... sounds more far fetched.

---

Quite far fetched.

And, if you know that your answer is irrelevant, don't post it.
There's no point sending the person on a wild goose chase looking in a completely irrelevant place.

Quote:

---

Originally Posted by DrByte

Quite far fetched.

And, if you know that your answer is irrelevant, don't post it.
There's no point sending the person on a wild goose chase looking in a completely irrelevant place.

---

No I meant looking for a css explanation is irrelevant. e.g. looking for a theme built into "classic" rather than an override, that looks for none.

Thanks for your replies, great to hear your input and ideas.

We're on a linux server so that would rule out the windows server replying "none" for "file not found"

IP addresses are totally random and not our own, so thats another thing ruled out.

Here's an example of a line from the error log file, with the addresses taken out for privacy.

[Wed Jan 27 08:10:50 2010] [error] [client 00.00.00.00] File does not exist: /hsphere/local/home/username/domainname.co.uk/includes/templates/classic/css/none

Over 200 of our error entries show up this error every day.

Has anyone experienced this before?

Thanks for your help. :bigups:

Quote:

---

Originally Posted by epsonprintersrock

[client 00.00.00.00]

---

That's especially odd ...

This article on django seems to give a clue

forum.dreamhosters.com/troubleshooting/112491-dispatch.fcgi-not-found.htm

00.00.00.00 could be the internal rewrite ip address in which case then something is rewriting in a .htaccess to "none" which people frequently think apache can understand like

allow from none

where none is incorrect as apache then does a hostname lookup and gets nothing back.

That's a relevant guess btw.

But it wouldn't rewrite a stylesheet filename to 'none' as a result of an "allow from none" directive, esp if "none" is treated as a hostname.

no that was an example of the misuse of none, there are quite a few posts about non-existent files and using mod_rewrite that result in the 00.00.00.00 ip address (good spotting that) "none" could be a mistake in the .htaccess or an unfilled internal variable in mod_rewrite resulting in the the request. Not reall possible to tell without more infomation on the site.

Is it possible that:

includes/templates/classic/css/none

has been "hard-coded" into a custom php file somewhere?

What is returned if you search for that path in

admin >>> tools >>> developer toolkit

I'll check out that article and the hard coding to see what the problem might be.

I rewrote the ip addresses to protect their privacy. They're all different ip addresses, none of them are 00.00.00000 - thats the way I rewrote them.

could it be a difference between the index.php files and the index.html files? That some browsers are automatically looking for a file or a format of a file thats not in that directory so the result comes up as /none ??? random guess!!! :dontgetit

Thanks for your suggestions, I'll let you know how it goes!! :huh:

Thanks for that article MattyMatt, but I don't think there were any clues contained within. But its always good to check out problems! :blink:

Thanks schoolboy for that search idea, I searched in the 'look-up in all files' section but this was my result...

Warning Error: No matching Configuration Keys were found ... /includes/templates/classic/css/none

:shocking:

So no clues there. I think I'll dig up the php file now and see what it says....

Does it have a referer in the error logs ? I fully admit to running after wild geese on this one. If you have the ip address that isn't 00.00.00.00 the you can track that to the time through the access logs and get the refering page.

I think there is something going on behind the scenes, as they say. The number of times the error occurs leads me to believe this is a script output error rather than a error result for a URL.

Have you searched your 'images' dir. for any '.php' files or non-images files that shouldn't be there?

I just counted the errors for yesterday in the error log files, there are about 350 errors all for that file destination. Thats a lot for one day. Sometimes the same ip address requests it 4 times, but then gives up.

thanks for the suggestion website rob, I looked through and there's no php in the images folder. I can't see anything that shouldn't be there.

I've never seen that many 404 errors come up when I browse our website, its quite rare. The thing that confuses me most is that all the errors are for a file thats not there :(

File does not exist: /hsphere/local/home/*ourname*/*ourname*.co.uk/includes/templates/classic/css/none

its wierd, it makes me feel like this guy :lamo:

So have you tracked the ipaddress through the normal log and worked out what the computer has been looking at ? If you follow it and look at the source yourself, you should then be able to track your own progress. If you use firebug in firefox, then there is a feature where it shows the requests each page makes, (install the add on, click the little bug, click Net, click "all" on the far left and then reload the page and it will show which request is made and whether the server found it), if you can't find any page referring to none and giving a 404 when you surf the exact same path as the ipaddress, then it's likely to be a probe by a hostile botnet looking for information on your server by bringing up a 404 not found page, that would list OS version, webserver version etc... So you have two candidates, either something in the templating system is wrong and "normal" users are bringing up a 404, or you are being probed, in which case then you can't really deny ip addresses as a botnet will have many varying computers and you would be unlucky to be on their list (there was a peak in botnet actvity last night at 5 am UK time). What you could do is add create a .htaccess file in that folder

Code:

---

ErrorDocument 404 "<html />

---

the last quote is missed out if you use apache 1.3 and works on 2.0+) that way you are still getting error messages but sending out minimal information and using less server resources just to a botnet (if it is one) it won't stop them but then nothing realistic will and at least you save the bandwidth. Setting up a 403 error message will just still provide the bot net with information, and redireting to your page_not_found would be a bad idea since then for each request you'd end up with 300 database queries multiplied by 350 requests !

Although solving the problem will take some deep investigation you should be able to eliminate the errors by using:

Redirect Gone /includes/templates/classic/css/none

Put the above line in the main or top level .htaccess file.

Yes but if it s a probe that still results in leaking server information.

How so?

Do your physic powers tell you what kind of information is being provided by the Error pages for the OP's site?

Please do not look for fault in whatever is posted. The idea is to help and, without knowing everything, single, little, thing about how a person has their site setup and/or their current level of knowledge & experience with coding, we can only provide information / help based on the information provided.

No statistical probability, default configuration and 12 years experience all tell me that Error pages leak information as do headers. So a one liner that leaks less is a better course of action.

That is a non-answer.

Your 'one-liner' stills creates error entries whereas my 'one-liner' does not.

As to what someone has in their Error pages is and should be, up to them. It is each person's responsibility to determine or learn, what to put in an Error page and what not to.

No it is a correct answer, mine leaks less information reagrdless of circumstance and still allows requests to be tracked easily and in the same manner as the OP is going. It is my responsibility to ensure that when I advise someone I give the most appropriate advice, not to give an answer that I know could result in feeding a hacker with more information or pass the buck onto the OP. There's a common probe that appears in logs that looks for

Code:

---

"GET /thisdoesnotexistahaha.php HTTP/1.1" 404

---

which is straight from my logs, your advice feeds that bot, mine err, doesn't. :cool:

epsonprintersrock - try a search through a copy of all of your site for coding which is something like:

Code:

---

display: none;

---

Website Rob - you should know better. You've only been here for three and a half years helping people constructively.

Vger

Well my favourite advice from Website Rob so far has been

Quote:

---

## redirects any URL that includes: record_company.php/password_forgotten.php
RedirectMatch Permanent ^/(.*[record_company.php]+)/(password_forgotten.php)$ /page_not_found.php

## redirects any URL that includes: /images/wp- with 'wp-' being anything that ends with '.php'
## this allows for images named such as 'wp-header.jpg' to work
RedirectMatch Permanent ^/(.*[images]+)/(wp-.*\.php)$ /page_not_found.php

---

and indeed anything that goes to page not found, because it means that every single error for a hack attempt loads 170 files into memory and puts in 300 database queries, and that is why Rob appears to be following me around. So far the average bot attack on a server lasts minutes from multiple ip address (the maximum appearing to be 84 servers) doing 5 queries each, so let's quarter that number to 21 machine making 5 requests each, leading to 105 queries and 31500 database queries and the loading and processing of PHP 17850 pages to talk to a bot.

Yes Webiste Rob made a mistake, which is fair enough, anyone can, I have repeatedly in this thread, but I'm not going around disputing everything he says, in fact I posted my advice first and it is good solid advice.

Quote:

---

Originally Posted by MattyMatt

...
and indeed anything that goes to page not found, because it means that every single error for a hack attempt loads 170 files into memory and puts in 300 database queries, and that is why Rob appears to be following me around. So far the average bot attack on a server lasts minutes from multiple ip address (the maximum appearing to be 84 servers) doing 5 queries each, so let's quarter that number to 21 machine making 5 requests each, leading to 105 queries and 31500 database queries and the loading and processing of PHP 17850 pages to talk to a bot.

---

Ya ya ya ... that's about the 50th time you've said that same thing in the last 2 weeks. And most of the time, like this one, it's way off topic.
If you've got something constructive and specifically beneficial to help deal with the posted problem, share it. But if you want to start rabbit-trails, especially belaboring ideas that have already been mentioned ad nauseum, find some other place to do it.
Moaning about bots has its place. Try to keep it there, not splattered everywhere.

The point is that I am trying to help by saving server resources from bots and misplaced files if the shop owner uses the Zen cart file

extras/htaccess_for_page_not_found_redirects.htaccess

or Rob's code, there's already been an example on the forum where similar code has slowed a website down because of a misconstructed template file. I think the forum should be a place where problems are solved in the most appropriate way and should highlight issues that can optimize a website and improve the development of Zen Cart, no one is saying my code is incorrect, nor that it does not do what is advertised or for the reasons stated and yet persistently I find myself being followed by two individuals who seem bent on corrupting the advice, deliberately misconstruing my comments and by posting information that could be detrimental to a shop owner, because I pointed out that they were wrong when I was a "newbie" to the forum but not in this field.

Matt.

... and *this* forum is for SHOP OWNERS not server systems admins.

Quote:

---

Originally Posted by MattyMatt

Rob appears to be following me around

---

I'm flattered you would think I am doing that but it is obviously not so.

Going back to original posting and the OP specifically, I would suggest that whatever can be gleamed from this thread be done so. If problem still not solved then hire someone or use the Commercial Forum to post a request, to resolve the issue for you.

I feel that this thread has turned into beating a dead horse and that is getting no one nowhere.

Well, it seems you all have had a very busy weekend.

I'll take some time to look at the advice given and decide on a course of action. When all these problems are fixed I'll let you know what helped.

If anyone else does have any constructive advice it'd be great to hear it. :bigups:

Ok, so I downloaded firebug for mozilla firefox, its a really handy suggestion. And I watched through all the html requests that the browser made when I went onto our homepage and no error came up and no /templats/classic/css/none file request was made :no:

So I'm still none the wiser about whats causing it. Yesterday that file request caused about 300 errors, 95% of all our error logs are made up of that request. :(

Surely this has happened to someone else? Or do other people not bother with their error logs and just remain oblivious?? :blink:

Quote:

---

Originally Posted by epsonprintersrock

Surely this has happened to someone else?

---

Possibly not.

Quote:

---

Originally Posted by epsonprintersrock

Or do other people not bother with their error logs and just remain oblivious?? :blink:

---

In all the log-reviewing I've done on hundreds of sites, I've never seen what you describe.
Plus, there's no code in (a default uncustomized install of) Zen Cart do create such links, so unless you've added specific custom code, it's not originating from a normal install of Zen Cart.

You'll need to identify a pattern in those log messages.
ie:
- are they all from the same IP address?
- regardless of same address or not, how do those IP addresses compare with the server activity log?
--- ie: the server activity log tracks non-error activity of all visitors. Use it to find out what *else* the visitors attempting to hit your "none" file are also doing. Identify patterns.
- what referrer is being logged for those visitors
- what browser or user-agent are they using
- etc