XF 1.5 404 on /forum/login/login/login

R

rfc0001

Well-known member
Hi, I'm looking through the top 404 errors on my server, and the #1 is a 404 on /forum/login/login/login with referrer /forum/login/ so I know this isn't users typing this in erroneously, rather the actual login page referencing this URL. I've never seen a 404 error directly or had anyone report any issues with registration (/forum/login/login), so I'm wondering if there is some erroneous reference somewhere to this non-existent page somewhere or a honeypot or something? There are 850 404s just this month alone, so seems to be happening pretty regularly. I could always create a 301 to redirect /forum/login/login/login to /forum/login/login, but "fixing" this may end up breaking the way it is working now with the error. Is this something others can confirm, or know what is causing? Thanks.
 
Last edited:
Sort by date Sort by votes
S Thomas said:
This is false conclusion, referrers can be faked and this more or less looks like a standard scrapper. I wouldn't be worried about it.
Click to expand...
I doubt this is malicious activity given the volume of these errors. I'm not worried about it, but seems like there some misbehaving/misconfigured code somewhere.
 
Upvote 0 Downvote
Do you use a pixelexit style by any chance? Xenforo has an url /login/login
In the source of that page I did find a style reference for xenbase to /login so in theory that could explain for /login/login/login
But I don't see how the url would actually be called.

Maybe @Russ has an idea about this.
 
Upvote 0 Downvote
Its this part:
Code: 
<li class="navTab PopupClosed xbGuestLogin">
                    <label for="LoginControl"><a href="login/" class=" navLink"> <span class="xbVisitorText">Log in</span></a></label>
            </li>
It has a trailing slash. Not a leading slash.
 
Upvote 0 Downvote
Yep, that would form a /login/login/login if it was included (and only there) in the login/login site, which is the login form when you call it directly. So your guest would have to manually open the login page.
 
Upvote 0 Downvote
/login/login is also opened if you enter an invalid name on the login bar. Which happens if someone tries to create an account that already exists. Which happens if the user intended to log in or has a password manager autofill the form.
 
Upvote 0 Downvote
Alfa1 said:
Do you use a pixelexit style by any chance? Xenforo has an url /login/login
In the source of that page I did find a style reference for xenbase to /login so in theory that could explain for /login/login/login
But I don't see how the url would actually be called.

Maybe @Russ has an idea about this.
Click to expand...
Never heard of it
 
Upvote 0 Downvote
I can confirm the 404 for /login/login/login being the most frequent 404 at our site. Have to find the reason yet.

For the moment we do a redirect to /login/login at server level.
 
Upvote 0 Downvote
ozzy47 said:
“login” is the login form, “login/login” is what processes the login.
Click to expand...

And login/login/login is a 404. ;-)

A POST to this (wrong) location happens very often for an unknown reason. I now tried to change "login/login" in the templates to "/login/login" as our XF is in root anyway. Let's see if this helps.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

S
  • Question Question
XF 2.2 10,000s of daily requests to "forum/login/keep-alive"
Replies
12
Views
530
digitalpoint
digitalpoint
Moshe1010
Fixed Direct URL access to login/login vs. clicking on the login button via the tooltip gives different social account login result
Replies
1
Views
1K
XF Bug Bot
XF Bug Bot
F
  • Solved
XF 1.5 Can't login to my forum with 2FA after iOS upgrade failed on my iPhone
Replies
14
Views
1K
NDavid
NDavid
popowich
  • Question Question
XF 2.2 /login/login
Replies
1
Views
297
Mike
Mike
B
  • Question Question
XF 2.2 Robots on forum with login required
Replies
1
Views
444
BrianS
B
Back
Top Bottom