Parse error: syntax error, unexpected T_DOUBLE_ARROW

I was a little alarmed to try logging into our journal today to find it would not load and instead an error is displayed:

Parse error: syntax error, unexpected T_DOUBLE_ARROW in … /cache/fc-pluginSettings-1-roleblockplugin.php on line 2

Now I don’t know my php but when I downloaded the file referred to I just got more confused. It reads, in total:

<?php 'enabled' => true, 'seq' => 4, 'context' => 2, ); ?>

No double arrows that I can see there, let alone on line 2… And nothing should have changed anyway, so why this error pops up now…

Help please!

Our journal is down while this issue remains.

Running OJS 2.4.3.0

Hi @SKP,

You should be able to delete all files in cache/ and they’ll be automatically regenerated – but I’m not sure why something would corrupt that file. Double-check your file permissions on the contents of that directory to ensure that something else outside OJS isn’t able to modify them.

Regards,
Alec Smecher
Public Knowledge Project Team

Hmmm. Well just deleting that particular cache file did nothing, but when I deleted all the cache files from the last couple of days…

ta-daaa… Site is up again.

A bit worrying that something interfered with this though, I shall check permissions as you suggest.

Wonderful quick response.

Many thanks indeed!

If you’re still reading what should the folder permissions actually be…

So far as I can see , Owner permissions are Read, Write, Execute
Group Permissions are Read and Execute
Public Permissions are Read and Execute

Thanks

Hi @SKP,

We’ve seen similar things happen before when a script on a shared server is abused to gain access. Automated attacks will sometimes attempt to modify PHP scripts on the server, which can cause unintended consequences. The best way to determine if that’s happening is to take note of the “date modified” of the file that’s been changed, and correlate that time and date against the access log to see if you can spot some unusual requests.

Regards,
Alec Smecher
Public Knowledge Project Team

Actually I did find a weird file in the cache, one of the ones I deleted, which seemed linked with some bots…

I won’t reproduce it all, but a flavour…

<?php return array ( 5 => '/008/', 6 => '/ABACHOBot/', 7 => '/Accoona\\-AI\\-Agent/', 8 => '/AddSugarSpiderBot/', 9 => '/AnyApexBot/', 10 => '/Arachmo/', 11 => '/B\\-l\\-i\\-t\\-z\\-B\\-O\\-T/', 12 => '/Baiduspider/', 13 => '/BecomeBot/', 14 => '/BeslistBot/', 15 => '/BillyBobBot/', 16 => '/Bimbot/', 17 => '/[Bb]ingbot/', 18 => '/Blekkobot/', ... ); ?>

Is this an attack script??

Methinks a password change at least is in order…

Thanks,
SKP

Hi @SKP,

We include a bot list with OJS for the purposes of filtering out requests from these from COUNTER statistics. That file is probably legit.

If you’ve suffered an automated attack, you’ll likely find your original problem recurring after a while. If it does happen, I’d suggest checking the modification date of the file as recommended above.

Regards,
Alec Smecher
Public Knowledge Project Team

OK. Thanks. I shall keep a wary eye out…

:wink: