Ravens PHP Scripts: Forums
 

 

Dawg
RavenNuke(tm) Development Team
Posted: Sat Dec 03, 2005 5:37 am

Greetings Raven and All,
I woke up this morning to find my site down or at least the home page. I get the ol' You can't access this file directly... at the front page. If I go in through the admin ......all seems good. All the mods work...The rest of the site seems to be working just fine. I tried changing the home page mod....No Joy....I reloaded main.file and modules from backup and that did not help. I checked my phpinfo.php and all seemed well....I tried the php_self change at the bottom of mainfile...No Joy.

The site has been running fine for months....no changes done yesterday (I was out of town all day) but the site was up and kicking all day .....I showed it to a couple of customers. When I got home last night I was on for a while but was working on one of my other sites.

I'm stuck....without a clue.

7.2
2.4 patched (The one before current)
NukeSentinel™ 2.0.2

Any Ideas?

Dawg
 
Dawg
Posted: Sat Dec 03, 2005 6:08 am

I got it fixed....but check this out....talk about STRANGE.....

It turns out it was my index.php file

All of the variables had changed.....

old....(The one NOT working)
$_server['php_self'] = "modules.php";

new....(I loaded from a backup)
$_SERVER['PHP_SELF'] = "modules.php";

Another example....

old...
if ($httpref==1) {
$referer = $_server["http_referer"];
$referer = check_html($referer, nohtml);
if ($referer=="" or eregi("^unknown", $referer) or substr("$referer",0,strlen($nukeurl))==$nukeurl or eregi("^bookmark",$referer)) {
} else {
$result = $db->sql_query("insert into ".$prefix."_referer values (null, '$referer')");
}
$numrows = $db->sql_numrows($db->sql_query("select * from ".$prefix."_referer"));
if($numrows>=$httprefmax) {
$result2 = $db->sql_query("delete from ".$prefix."_referer");
}

New.....

if ($httpref==1) {
$referer = $_SERVER["HTTP_REFERER"];
$referer = check_html($referer, nohtml);
if ($referer=="" OR eregi("^unknown", $referer) OR substr("$referer",0,strlen($nukeurl))==$nukeurl OR eregi("^bookmark",$referer)) {
} else {
$result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '$referer')");
}
$numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_referer"));
if($numrows>=$httprefmax) {
$result2 = $db->sql_query("DELETE FROM ".$prefix."_referer");
}

The entire script is like this.

What is up with that?

Dawg
 
Dawg
Posted: Wed Dec 21, 2005 9:11 pm

BTW....I resolved this by changing the CHMOD to R R R only....

Ran across this old thread...and forgot to post the solution...

Dawg
 
Raven
Site Admin/Owner
Posted: Wed Dec 21, 2005 9:23 pm

Almost sounds like a cracker overlaid your index.php file?
 
Dawg
Posted: Thu Dec 22, 2005 2:59 am

I have no idea who or what was doing it but somehow something was doing it. Really strange.

Your theory does make sense.....
 
Guardian2003
Site Admin
Posted: Thu Dec 22, 2005 8:42 am

Although I suspect Raven had the correct answer you might also want to consider that if your site was not on a local machine, is it possible your host did some sort of roll-back and never told you about it?
Might be worth checking forum posts and news articles to see what the last posted date was.
 
Dawg
Posted: Thu Dec 22, 2005 12:33 pm

Guardian,
I do not think it was the host. It happened more than once. One time...(when I posted here)....it happened several times within an hour, one time within minutes of when I corrected it.

I looked through the site....did not see anything else amiss....did not see anything missing or rolled back.

I "TRY" to run a pretty tight ship....but you never know.

Dave
 
Guardian2003
Posted: Fri Dec 23, 2005 12:30 am

Dawg, yes I appreciate that. It was just a thought as it is something I had experienced myself in the past.
So it would seem then that either some unauthorised party has overwritten the index.php file then or someone with legitimate access has done so unwittingly.
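
The checks this thread points toward, as an added example that is not part of any post and is not PHP-Nuke or RavenNuke code: compare index.php with a known-good hash, flag superglobals that are not written in upper case (PHP variable names are case-sensitive, so `$_server` is not `$_SERVER`), and report whether any write bit is still set. The sample content and the temporary path are constructed for the demo.

```python
import hashlib
import os
import re
import stat
import tempfile

# PHP variable names are case-sensitive: $_server is not the $_SERVER superglobal.
SUPERGLOBAL = re.compile(r"\$_(server|get|post|cookie|files|env|request|session)\b", re.I)
# Constructed sample modelled on the two index.php lines quoted in the thread.
GOOD = b'$_SERVER[\'PHP_SELF\'] = "modules.php";\n$referer = $_SERVER["HTTP_REFERER"];\n'
BAD = GOOD.lower()  # the lowercased state the thread describes


def lowercased_superglobals(source):
    """Return (line_number, token) for superglobals not written in upper case."""
    return [(n, m.group(0))
            for n, line in enumerate(source.splitlines(), 1)
            for m in SUPERGLOBAL.finditer(line)
            if m.group(0) != m.group(0).upper()]


def audit(path, baseline_sha256):
    """Compare a file with its known-good hash and report any write bits."""
    with open(path, "rb") as fh:
        data = fh.read()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "modified": hashlib.sha256(data).hexdigest() != baseline_sha256,
        "writable": bool(mode & 0o222),  # False only in the r--r--r-- (0444) state
        "lowercased": lowercased_superglobals(data.decode("utf-8", "replace")),
    }


def demo():
    """Baseline a good copy, simulate the overwrite, audit before and after."""
    baseline = hashlib.sha256(GOOD).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "index.php")  # hypothetical path for the demo
        results = []
        for content, mode in ((GOOD, 0o644), (BAD, 0o444)):
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results.append(audit(path, baseline))
    return results


if __name__ == "__main__":
    print(demo())
```

Run from cron against a baseline hash taken from a trusted backup, a check like this reports the overwrite the first time it happens; the file's modification time and the web server's access log for that minute are the next places to look.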
 