Two PHP files disappeared from the phpthumb folder yesterday

[bogdandragomir]

Hi,

We use phpthumb 1.7.18-202201121135.

Yesterday I noticed that images no longer appear on a site from our portfolio.
We quickly discovered this error in the php error log from the phpthumb folder:

PHP Fatal error: Unknown: Failed opening required
'/home/ZZZ/public_html/library/phpthumb/phpThumb.php'
(include_path='.:/opt/cpanel/ea-php74/root/usr/share/pear')
in Unknown on line 0

We checked and these two files were missing:
/public_html/library/phpthumb/phpThumb.php
/public_html/library/phpthumb/phpthumb.class.php
although they existed 1s before. The site has several visitors per second, so the second the error appears in the log is the very second of the deletion.

There are 146 lines like this in the same second in the file /public_html/library/phpthumb/error_log:

[15-Feb-2023 20:28:02 Europe/Bucharest] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in /home/ZZZ/public_html/library/phpthumb/phpthumb.class.php on line 275

and then 11 like this, also in the same second:

[15-Feb-2023 20:28:02 Europe/Bucharest] PHP Fatal error: Unknown: Failed opening required '/home/ZZZ/public_html/library/phpthumb/phpThumb.php' (include_path='.:/opt/cpanel/ea-php74/root/usr/share/pear') in Unknown on line 0

I have one more observation: on one of the 146 identical lines the time differs by 2h (our time is +2):

[15-Feb-2023 20:28:02 Europe/Bucharest] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in /home/ZZZ/public_html/library/phpthumb/phpthumb.class.php on line 275
[15-Feb-2023 18:28:02 Europe/Bucharest] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in /home/ZZZ/public_html/library/phpthumb/phpthumb.class.php on line 275
[15-Feb-2023 20:28:02 Europe/Bucharest] PHP Warning: file_exists() expects parameter 1 to be a valid path, string given in /home/ZZZ/public_html/library/phpthumb/phpthumb.class.php on line 275

The site has been running under LiteSpeed Web Server for a week. Until now, it has been running with Apache and PHP-FPM for 7 years.

In the php error log, before the 146 identical lines from yesterday, there are only 19 lines with PHP Warnings collected from Feb 8 to Feb 15. So the situation is completely atypical.

I asked the hosting and they have no explanation.
The deletion of these files does not appear in the ftp log and the hosting staff did not find any traces in the logs they still have.

They suggested that there could be a connection between the 2 deleted files, because in phpthumb.class.php at line 275 there is a function that actually deletes files.

Could it be a bug in phpthumb?
Can I help you reproduce it?

Thanks,
Bogdan

[JamesHeinrich]

I assume the "line 275" you refer to in your version is what is now line 322:
https://github.com/JamesHeinrich/phpThumb/blob/master/phpthumb.class.php#L318-L327

I haven't heard of this before, but it's not impossible there's a bug. If you find some way to replicate the behavior (ideally with the current code) I would be interested.