0

This is the one of numerous same lines in apache2 error.log

PHP Deprecated:  Function split() is deprecated in /home/admin/www/public_html/file.php : eval()'d code on line 243

Problem is that this error was in old version of file. File was updated about three weeks ago. Now there isn't split() in file, but error continues.

Nginx 1.06 + Apache2.2 + PHP5

Bart De Vos
  • 17,761
  • 6
  • 62
  • 81
Andrei
  • 1
  • 1
  • http://serverfault.com/questions/314523/how-to-stop-deprecated-errors-showing-in-the-server-log – quanta Sep 28 '11 at 06:33
  • http://serverfault.com/questions/263167/disabling-php-deprecation-warnings-and-notices – quanta Sep 28 '11 at 06:34
  • Thanks! But I'm don't want skip errors. I'm not understand why logging non-existent error. – Andrei Sep 28 '11 at 06:53
  • Do a quick search `grep -lr eval /home/admin/www/public_html/` to make sure that `eval()` doesn't exist in your code. – quanta Sep 28 '11 at 07:00
  • Sorry, i'm edited question: "There isn't split() in file". I'm search for split(). It completely don't exist in the pointed file. – Andrei Sep 28 '11 at 07:20

1 Answers1

1

eval() functions are often used by hackers to add encoded code into old/vulnerable files getting it to do various things. This was likely injected code by a hacker. As suggested by quanta, run a grep in your directory to find all occurrences of this. If need be, review your files one at a time. Someone may have gained access to your server through vulnerable code.

The 'split()' function may also be encoded so searching for "split" may come up empty. In this case, view the following file in a text editor (I'd recommend not running it in a browser at all):

/home/admin/www/public_html/file.php

Most code is either injected right at the top or on the very bottom. It's usually encoded into base64. Look for gibberish text at either of these locations. If it doesn't exist in either of these places, start reviewing the code line-by-line.

Also, a lot of hackers will change the permissions of hacked files to read, write, execute for all users (777). Have a quick view of the permissions column via FTP to see if other files may have been altered.

uzzi09
  • 193
  • 5
  • Not eval(), but split(). Sorry. My typo in the question. – Andrei Sep 28 '11 at 07:25
  • I edited the answer a bit more. Have a go at it and let us know if you still don't have any luck getting this resolved. – uzzi09 Sep 29 '11 at 05:01
  • I searched entire the file by console editor on the server. There is no split() in this file. I found preg_split() far from pointed line. Permissions are ok. I think problem is caching something somewhere :). But if I typing certain error in file.php than error.log writing real error. When I removing error - appearing old non-existent error. – Andrei Sep 29 '11 at 06:32
  • Do you mind posting line 243 of /home/admin/www/public_html/file.php? Obviously, change any personal information – uzzi09 Sep 29 '11 at 18:58
  • Thank you for answers. Don't laugh but line 243 is "}" (right curly brace). – Andrei Sep 30 '11 at 05:47
  • Hehe. I've seen that happen before, and more often than not, it's just something silly like a missing semi-colon that indicates the end of a line. We could go back and forth like this for a very long time. Without looking at the entire source, I don't think I can help much. Perhaps speak with a friend that may have more experience programming. Best of luck! – uzzi09 Oct 11 '11 at 00:33