WPOnlineStore PHP Fatal Error ‘function.require’

Googlebot Error with WPOnlineStore Plugin

Googlebot triggers a PHP Fatal Error ‘function.require‘ error causing the bot to receive a “500” internal server error when trying to crawl the pages created by the WordPress WPOnlineStore plugin. In my previous post I mentioned this ongoing problem. Today I can provide some additional information.

The problem is not unique to my shop site; initial searches of the internet found only a few references to this problem. for the past two days the hosting company server engineers have been looking into the problem, unfortunately without any success. After disabling Apache mod_secure settings, which appeared to be causing the error, Googlebot still triggered this error.  As previously mentioned in Googlebot has Problems with WPOnlineStore, it is only Googlebot – and there lies the first clue.

Error Logs

Careful examination of domain and WPOnlineStore plugin error logs this morning shed more light on the problem. The difficulty in finding the information lay in the logs not containing a reference to the source of the request triggering the fault. Comparing these logs with the general server logs, I was able to find a match when comparing times.

Now, armed with more information, more reports of this problem were discovered, including in Google Groups (See link at bottom of page). Once again there is no fix, or reason given; the suggestions found have all failed to resolve the problem.

PHP Fatal Error ‘function.require’

PHP Fatal error:  require() [function.require]: Failed opening required ‘/DOMAIN/wp-content/plugins/wp-online-store/includes/languages/.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /DOMAIN/wp-content/plugins/wp-online-store/includes/application_top.php on line ***

Note the reference to an unnamed PHP file – /languages/.php

References of this nature should never be made – the .extension is used by Apache for hidden files, so the server is looking for a hidden file called php without another extension – typically an ASCII text file, not necessarily any PHP file.

Adding a blank file called .php causes another  error: PHP Fatal error: require() [function.require]: Failed opening required ‘/DOMAIN/wp-content/plugins/wp-online-store/includes/languages//product_info.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /DOMAIN/wp-content/plugins/wp-online-store/product_info.php on line 15

In the source code for the product_info.php file – line 15
require(DIR_WS_LANGUAGES . $language . ‘/ ‘ . FILENAME_PRODUCT_INFO);
Creates a double slash in the server processing of the file – removing the slash so only the single quote marks remain thus ‘ ‘ (no space – only added for clarity) breaks the catalogue!

Another error identified is a data call for gtrans (Google Translate. My site does not use any Gtrans systems, either by coding or plugins – the WordPress Gtrans plugin is faulty anyway. If this plugin requires gtrans to allow Googlebot access, then it must be considered a definite fault – There is no mention made in the installation instructions of dependencies on other plugins

So we now have identified 2 possible scripting errors in the plugin, and a database error apparently caused by something that doesn’t and shouldn’t exist, and that is where I am leaving it for today. The big question remains – “Why only Googlebot?”

Possibility of Malware Considered

Thr possibilty of malware introduce to in the WPOnlineStore system must be considerred

After spending hours today searching files for references to this function.require scripting (unsuccessfully) and replacing all the plugin files on the live site, and the past 5 days researching and testing things, I still have not found the solution. But I am beginning to suspect there may be malicious script somewhere.

Nothing else makes any sense! The plugin works for everyone except Googles user agent. Another clue was; every file in the WPOnlineStore plugin had been “modified since the last synchronisation”. Interestingly the file dates perfectly matched those of the files contained in my local folder… So there lies another mystery. All plugin files were uploaded to the server from a known clean plugin package – then the database errors started appearing.

The server is secure. The database and WordPress are both protected with strong passwords. But that doesn’t mean a hacker was unable to inject script or a cookie or some form of malware. There are many automated hacking bots constantly searching for osCommerce and WPOnlineStore installations to try to inject code. It is possible one of these has found an unknown vulnerability.

As to the long term use of this plugin for my shop catalogue, I have already decided to switch the site to a different e-commerce system, possible Drupal or Joomla. I wdon’t want to go for a vanilla version of osCommerce – although I really like the way osCommerce works, I want the abilitly to have onsite product reviews, news feeds and conventional SEO ability, as I believe this is the way to compete for ranking in Google SERP in a very difficult site (e-commerce) to optimise for SEO.

me on google plus+Mike Otgaar

About Mike

Web Developer and Techno-geek Saltwater fishing nut Blogger

Posted on June 28, 2012, in Malware, WordPress and tagged , , , , , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: