castris
Verified User
Hi,
I’m trying to locate the origin of an error on a server by searching for the string Etc/Madrid, but I can only find it in the error message itself.
I even created a script to search for it system-wide, but so far, I haven’t found where it’s actually set.
Error see in every script php on server (root, user,...)
But exit,
Apreciate help
I’m trying to locate the origin of an error on a server by searching for the string Etc/Madrid, but I can only find it in the error message itself.
I even created a script to search for it system-wide, but so far, I haven’t found where it’s actually set.
Error see in every script php on server (root, user,...)
Bash:
#!/bin/bash
echo "🔎 Searching for hardcoded 'Etc/Madrid' references in the system..."
# Search in configuration files
echo -e "\n📁 Searching in /etc and /usr/local/directadmin (text configs):"
grep -Ri "Etc/Madrid" /etc /usr/local/directadmin 2>/dev/null
# Search specifically in .ini files (PHP configs, etc.)
echo -e "\n📄 Searching in all *.ini files under /etc and /usr/local:"
find /etc /usr/local/directadmin -type f -iname "*.ini" -exec grep -H "Etc/Madrid" {} \; 2>/dev/null
# Search user-level configuration files
echo -e "\n👤 Searching in user profiles and bash configs:"
grep -Ri "Etc/Madrid" /root/.bash* /home/*/.bash* /home/*/.profile 2>/dev/null
# Search in cron environment files
echo -e "\n🕒 Searching in cron-related files:"
grep -Ri "Etc/Madrid" /etc/cron* /etc/crontab /etc/anacrontab 2>/dev/null
# Check system-wide environment exports
echo -e "\n🌍 Checking /etc/environment and global profiles:"
grep -Ri "Etc/Madrid" /etc/environment /etc/profile* 2>/dev/null
# Check runtime environment variables
echo -e "\n💻 Checking current shell environment:"
env | grep -i timezone
# Check PHP runtime configuration
echo -e "\n📦 Active PHP configuration (php -i):"
php -i | grep -i timezone
# Check PHP compile options
echo -e "\n⚙️ PHP compile flags (Configure Command):"
php -i | grep 'Configure Command'
# Scan PHP binary and shared libraries
PHP_BIN=$(which php)
if [ -x "$PHP_BIN" ]; then
echo -e "\n🔍 Scanning PHP binary with 'strings':"
strings "$PHP_BIN" | grep -i "Etc/Madrid"
else
echo "⚠️ PHP binary not found."
fi
# Scan any php-related shared libraries
echo -e "\n🧩 Scanning linked PHP .so libraries:"
for so in $(ldd "$PHP_BIN" | awk '{print $3}' | grep -E '^/' 2>/dev/null); do
if strings "$so" 2>/dev/null | grep -qi "Etc/Madrid"; then
echo "Found in: $so"
strings "$so" | grep -i "Etc/Madrid"
fi
done
# Check DirectAdmin binary (if exists)
if [ -f /usr/local/directadmin/directadmin ]; then
echo -e "\n🏗 Scanning DirectAdmin binary:"
strings /usr/local/directadmin/directadmin | grep -i "Etc/Madrid"
fi
echo -e "\n✅ Scan complete. If 'Etc/Madrid' is still injected at runtime, consider recompiling PHP or checking external services or deployment scripts."But exit,
Bash:
./find-timezone.sh
🔎 Searching for hardcoded 'Etc/Madrid' references in the system...
📁 Searching in /etc and /usr/local/directadmin (text configs):
📄 Searching in all *.ini files under /etc and /usr/local:
👤 Searching in user profiles and bash configs:
🕒 Searching in cron-related files:
🌍 Checking /etc/environment and global profiles:
💻 Checking current shell environment:
📦 Active PHP configuration (php -i):
PHP Warning: PHP Startup: Invalid date.timezone value 'Etc/Madrid', using 'UTC' instead in Unknown on line 0
"Olson" Timezone Database Version => 2024.2
Timezone Database => internal
Default timezone => UTC
date.timezone => UTC => UTC
⚙️ PHP compile flags (Configure Command):
PHP Warning: PHP Startup: Invalid date.timezone value 'Etc/Madrid', using 'UTC' instead in Unknown on line 0
Configure Command => './configure' '--with-pic' '--enable-embed' '--prefix=/usr/local/php82' '--enable-fpm' '--with-fpm-systemd' '--enable-litespeed' '--with-config-file-scan-dir=/usr/local/php82/lib/php.conf.d' '--with-curl' '--enable-gd' '--with-gettext' '--with-jpeg' '--with-freetype' '--with-ffi' '--with-kerberos' '--with-openssl' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-pear' '--with-sodium' '--with-webp' '--with-xsl' '--with-zlib' '--with-zip' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-ftp' '--enable-shmop' '--enable-sysvshm' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sockets' '--enable-soap' '--enable-mbstring' '--enable-intl' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:'
🔍 Scanning PHP binary with 'strings':
🧩 Scanning linked PHP .so libraries:
🏗 Scanning DirectAdmin binary:
✅ Scan complete. If 'Etc/Madrid' is still injected at runtime, consider recompiling PHP or checking external services or deployment scripts.Apreciate help
