Unable to add cookies, header already sent.

  • makaiguy
    Senior Member
    • May 2004
    • 125
    • 3.8.x

    Unable to add cookies, header already sent.

    Still running 3.5.4, I'm afraid.

    When attempting to follow a Google search link into our board, or follow a direct link to a thread on our board in an email (or maybe some other ways of entering the board), starting on Nov 27 users sometimes get this error:

    Unable to add cookies, header already sent.
    File: /home/tugbbsc/public_html/forums/includes/cron/session.php
    Line: 31


    I have found I get this if I am logged off the board (i.e. cookies removed) at the time, but I don't get it when I'm logged in. Other administrators have reported they can get the error when logged in too.

    session.php is pretty cryptic, but near as I can figure, it does the following:
    1. Checks to see if there is a HTTP_REFERER header that indicates the user is coming in from one of the common search engines, and if so:
    2. Builds a string "base64_decode", and
    3. Line 31, referenced by the error message, echoes this string plus a long string of code which is then base64 decoded. I've run this string through an online base64 decoder and it appears that this outputs a javascript. The lack of formatting and whitespace, and the cryptic variable and function names used, make it difficult to interpret, and I haven't figured out what this script does yet, but based on the error message it appears to have something to do with cookies.

    We have made NO changes to the board for many weeks prior to this, so I'm suspicious there may be some configuration change made by our server folks, or some other external variable, that may be responsible.

    Can anybody tell me exactly what that script does, in the hope that it will give us some direction for our troubleshooting?

    Any suggestions as to something our server folks or other external influence could have done to affect this?
    Last edited by makaiguy; Mon 5 Dec '11, 11:19am.
    Doug Wilson
    Administrator, Timeshare Users Group bbs
  • makaiguy
    Senior Member
    • May 2004
    • 125
    • 3.8.x

    #2
    And an even more basic question: Should there be an ../includes/cron/session.php file at all, or might this be some sort of exploit? I don't find one on my test board.
    Doug Wilson
    Administrator, Timeshare Users Group bbs

    Comment

    • Zachery
      Former vBulletin Support
      • Jul 2002
      • 59097

      #3
      I would honestly suggest you upgrade to vBulletin 3.8.7, unless there is some reason not to. Your version of vBulletin is very old, unsupported, and has security exploits.

      Comment

      • makaiguy
        Senior Member
        • May 2004
        • 125
        • 3.8.x

        #4
        Thanks, Zachery, we're aware of that. (OOPS - it's actually 3.6.4, not 3.5.4, but that hardly changes things.) But in a volunteer run organization it is hard to find both the skills and time. In the meanwhile is there an answer to my second post question especially -- is there even supposed to be a ../includes/cron/session.php file in the first place?

        I don't think you want raw code posted here (right?) but the comments at top and bottom of the file say:

        /*======================================================================*\
        || #################################################################### ||
        || # vBulletin 3.6.4 - Licence Number XXXXXX
        || # ---------------------------------------------------------------- # ||
        || # Copyright ©2000-2006 Jelsoft Enterprises Ltd. All Rights Reserved. ||
        || # This file may not be redistributed in whole or significant part. # ||
        || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
        || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
        || #################################################################### ||
        \*======================================================================*/

        /*======================================================================*\
        || ####################################################################
        || # Downloaded: 22:44, Fri Nov 24th 2006
        || # CVS: $RCSfile$ - $Revision: 13892 $
        || ####################################################################
        \*======================================================================*/

        Total file length 40 lines
        License number removed
        Doug Wilson
        Administrator, Timeshare Users Group bbs

        Comment

        • makaiguy
          Senior Member
          • May 2004
          • 125
          • 3.8.x

          #5
          Remming out line 31 solves the problem, and we've been running that way for a while now.

          Please, guys, I could really use an answer to this:

          Originally posted by makaiguy
          And an even more basic question: Should there be an ../includes/cron/session.php file at all, or might this be some sort of exploit? I don't find one on my test board.
          If this is NOT a legit vBulletin file in the first place, then I could post the code here for evaluation.
          Doug Wilson
          Administrator, Timeshare Users Group bbs

          Comment

          • Zachery
            Former vBulletin Support
            • Jul 2002
            • 59097

            #6
            Run the suspect file diagnostics in the admincp, it will tell you if it's a legit file or not. (I do not have a copy of 3.6.4 to check against).

            Comment
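The two questions raised in this thread (is the file part of the release at all, and does it match the shipped copy) can be checked together with the behaviour described in post #1. The following is an added example, not code from the thread or from vBulletin: it compares a live tree against SHA-256 hashes taken from a clean copy of the same release and notes a referer check, a `base64_decode` name assembled by concatenation, and a long encoded literal. The manifest format, function names, file names other than `session.php`, and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample of the behaviour described in post #1; the payload is inert filler.
SAMPLE_SUSPECT = (
    "<?php if (stripos(@$_SERVER['HTTP_REFERER'], 'google') !== false) {"
    " $f = 'base' . '64_' . 'decode'; echo $f('" + "QUJD" * 60 + "'); }"
)

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(clean_root):
    """Map relative path -> SHA-256 for every .php file in a known-clean copy."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256(p) for p in root.rglob("*.php")}

def indicators(php_source):
    """Heuristics for the pattern in post #1; a hit means inspect the file, not proof."""
    text = php_source.lower()
    joined = re.sub(r"""['"]\s*\.\s*['"]""", "", text)  # collapse 'a' . 'b' into 'ab'
    checks = {
        "referer_check": "http_referer" in text,
        "assembled_base64_decode": "base64_decode" in joined and "base64_decode" not in text,
        "long_encoded_literal": bool(re.search(r"[a-z0-9+/=]{200,}", text)),
    }
    return [name for name, hit in checks.items() if hit]

def audit(live_root, manifest):
    """Report .php files missing from the manifest or whose hash differs from it."""
    root, report = Path(live_root), {}
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if manifest.get(rel) == sha256(path):
            continue
        status = "modified" if rel in manifest else "unexpected"
        report[rel] = (status, indicators(path.read_text(errors="replace")))
    return report

def demo():
    """Audit a constructed live tree against a constructed clean tree."""
    with tempfile.TemporaryDirectory() as tmp:
        for tree in ("clean", "live"):
            Path(tmp, tree, "includes/cron").mkdir(parents=True)
            Path(tmp, tree, "includes/cron/stock_task.php").write_text("<?php // stock\n")
        Path(tmp, "live/includes/cron/session.php").write_text(SAMPLE_SUSPECT)
        return audit(Path(tmp, "live"), build_manifest(Path(tmp, "clean")))
```

Calling `demo()` returns only the file that the clean tree does not contain, with its status and the indicators found in it; files that match the manifest are not listed.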
