XF 1.5 404 on /forum/login/login/login

R

rfc0001

Well-known member
Hi, I'm looking through the top 404 errors on my server, and the #1 is a 404 on /forum/login/login/login with referrer /forum/login/ so I know this isn't users typing this in erroneously, rather the actual login page referencing this URL. I've never seen a 404 error directly or had anyone report any issues with registration (/forum/login/login), so I'm wondering if there is some erroneous reference somewhere to this non-existent page somewhere or a honeypot or something? There are 850 404s just this month alone, so seems to be happening pretty regularly. I could always create a 301 to redirect /forum/login/login/login to /forum/login/login, but "fixing" this may end up breaking the way it is working now with the error. Is this something others can confirm, or know what is causing? Thanks.
 
Last edited:
Sort by date Sort by votes
S Thomas said:
This is false conclusion, referrers can be faked and this more or less looks like a standard scrapper. I wouldn't be worried about it.
Click to expand...
I doubt this is malicious activity given the volume of these errors. I'm not worried about it, but seems like there some misbehaving/misconfigured code somewhere.
 
Upvote 0 Downvote
Do you use a pixelexit style by any chance? Xenforo has an url /login/login
In the source of that page I did find a style reference for xenbase to /login so in theory that could explain for /login/login/login
But I don't see how the url would actually be called.

Maybe @Russ has an idea about this.
 
Upvote 0 Downvote
Its this part:
Code: 
<li class="navTab PopupClosed xbGuestLogin">
                    <label for="LoginControl"><a href="login/" class=" navLink"> <span class="xbVisitorText">Log in</span></a></label>
            </li>
It has a trailing slash. Not a leading slash.
 
Upvote 0 Downvote
Yep, that would form a /login/login/login if it was included (and only there) in the login/login site, which is the login form when you call it directly. So your guest would have to manually open the login page.
 
Upvote 0 Downvote
/login/login is also opened if you enter an invalid name on the login bar. Which happens if someone tries to create an account that already exists. Which happens if the user intended to log in or has a password manager autofill the form.
 
Upvote 0 Downvote
Alfa1 said:
Do you use a pixelexit style by any chance? Xenforo has an url /login/login
In the source of that page I did find a style reference for xenbase to /login so in theory that could explain for /login/login/login
But I don't see how the url would actually be called.

Maybe @Russ has an idea about this.
Click to expand...
Never heard of it
 
Upvote 0 Downvote
I can confirm the 404 for /login/login/login being the most frequent 404 at our site. Have to find the reason yet.

For the moment we do a redirect to /login/login at server level.
 
Upvote 0 Downvote
ozzy47 said:
“login” is the login form, “login/login” is what processes the login.
Click to expand...

And login/login/login is a 404. ;-)

A POST to this (wrong) location happens very often for an unknown reason. I now tried to change "login/login" in the templates to "/login/login" as our XF is in root anyway. Let's see if this helps.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

L
XF 2.2 Xenforo Login Issues
Replies
0
Views
258
leebo
L
J
kicked out admin panel constantly
Replies
7
Views
314
digitalpoint
digitalpoint
SpecialK
  • Solved
XF 2.2 Best way to handle forced login via connected account?
Replies
8
Views
720
mattrogowski
mattrogowski
twhiting9275
  • Question Question
XF 2.2 Stuck in 'upgrade' mode?
Replies
10
Views
933
Vercingetorix
Vercingetorix
ChadCLund
  • Question Question
XF 2.2 Unregistered Users Partial Thread Content
Replies
3
Views
453
ChadCLund
ChadCLund
Top Bottom