Right I seem to have found the issue here. It seems the two main files that got hacked were the config.php file and the main index.php file. Once i deleted the stuff from there, it's been running back to normal. The thing is though, how did this happen, and how to prevent it form happening again?
On Wed, Mar 11, 2009 at 12:35 AM, Arthus Erea <[email protected]> wrote: > Actually, the easiest thing might be to just delete the entire system > directory. > Then svn up or check it out again, and you should get a fresh, clean, > working install. > > On Mar 10, 2009, at 8:30 PM, Khaled Abou Alfa wrote: > > Oh fuck. What the hell is happening there????? Right I've been through my > files and there were a couple of stray 00.php files and a few new index > files etc. If i delete all of my files (except the my images in user and my > theme) can i then SVN up? > > On Wed, Mar 11, 2009 at 12:08 AM, Arthus Erea <[email protected]>wrote: > >> Well that explains why you're not able to have requests load. >> Javascript is expecting JSON return, and HTML was interjected. >> >> Off the top of my head, it looks like you might have gotten hacked >> somehow. Someone is adding arbitrary html (spam) to all requests on your >> site. >> >> If you look at the HTML of your main page, you can find the same code >> present. (It's hidden from display though.) >> >> You should definitely get this cleaned up, since it's also a way spammers >> try to game Google and it could get you blacklisted. >> >> I'm not sure exactly *how* they're going about doing this, but I doubt >> it's through Habari. Look around for some stray files which don't seem to >> belong. Also, investigate your .htaccess file. >> >> On Mar 10, 2009, at 8:00 PM, Khaled Abou Alfa wrote: >> >> Thanks for the help guys. Unfortunately clearly something has gone >> completely wonky. When I follow the directions above, basically I get a >> bunch of text, some of which pretains to my files from the media silo, but >> then it seems that all I get is spam stuff in there. Here's where it all >> changes: >> >> /dell_netbook.png","basename":"dell_netbook.png","title":"dell_netbook.png","url":"http:\/\/brokenkode >> .com\/user\/files\/dell_netbook.png","thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/dell_netbook >> >> >> .png.thumbnail.jpg","filetype":"image_png"},"logo_v1.png":{"path":"Habari\/logo_v1.png","basename":"logo_v1 >> .png","title":"logo_v1.png","url":"http:\/\/brokenkode.com\/user\/files\/logo_v1.png","thumbnail_url" >> >> >> :"http:\/\/brokenkode.com\/user\/files\/.deriv\/logo_v1.png.thumbnail.jpg","filetype":"image_png"},"me >> .jpg":{"path":"Habari\/me.jpg","basename":"me.jpg","title":"me.jpg","url":"http:\/\/brokenkode.com\/user >> >> >> \/files\/me.jpg","thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/me.jpg.thumbnail.jpg" >> ,"filetype":"image_jpeg"}},"path":"Habari","controls":"<li class=\"root\"><a >> href=\"#\" onclick=\"habari >> >> >> .media.fullReload();habari.media.showdir('Habari');return >> false;\">Root<\/a><\/li><li><a href=\"#\" onclick >> =\"habari.media.showdir('Habari\/');return false;\">Browse<\/a><\/li><li><a >> href=\"#\" onclick=\"habari >> >> >> .media.showpanel('Habari\/', 'upload');return >> false;\">Upload<\/a><\/li><li><a href=\"#\" onclick=\"habari >> .media.showpanel('Habari\/', 'mkdir');return false;\">Create >> Directory<\/a><\/li>"}<u style=display:none >> >> >> ><a >> >href="http://www.sturdytents.com/inc/ellen-biddle-shipman-duke-gardens.html";>ellen >> > biddle shipman >> >> duke gardens</a><a >> href="http://www.sipsanicaragua.com/inc/saddle-seat-bar-stools-toronto-canada.html"; >> >> >> >saddle seat bar stools toronto canada</a><a >> >href="http://www.sollopatin.com/inc/renoirs-garden-fabric >> >> >> That garballed mess goes on for AGES, hundreds of lines of that rubbish. >> Any thoughts? >> >> >> On Tue, Mar 10, 2009 at 1:09 AM, Josh Wood <[email protected]> wrote: >> >>> >>> If you want to go the "request monitor" route: >>> >>> Use Firefox. Install Firebug. Open your habari admin panel. Log in. Go >>> to 'New->Entry'. >>> >>> Open Firebug. Click the 'Net' tab. Click the small down arrow to the >>> right of 'Net'. Choose 'Enabled'. >>> >>> Click the 'XHR' tab in the row above 'Net'. >>> >>> Expand your media silo splitter. The spinner begins to spin... >>> >>> Click the right-arrow to expand the POST line that appears in Firebug. >>> >>> Click the 'Response' tab in the area you just expanded. >>> >>> Note the error being returned, if any, that is displayed on the >>> 'Response' tab. >>> >>> The Headers and Post tabs may be of interest as well, but the Response >>> tab is where I would look first. >>> >>> For example, by intentionally arranging to have an error happen, I can >>> read back: >>> >>> "Fatal error</b>: Call to undefined function imagecreatefrompng() in >>> <b>/usr/j/web/hb/system/plugins/habarisilo/habarisilo.plugin.php</b> >>> on line <b>208</b>" >>> >>> from the XHR response in the 'Response' tab. >>> >>> I hope that will help gather some data. >>> >>> -Josh >>> >>> On Mon, Mar 9, 2009 at 3:38 PM, Arthus Erea <[email protected]> >>> wrote: >>> > Do you have a request monitor installed? >>> > After taking an action (such as changing filter), take a look at the >>> > monitor. There should be a new request. >>> > Take a look at that request and see what the outcome is. There are 3 >>> > possible outcomes I can think of: >>> > 1) The request loads forever, never actually loading. (This might be >>> some >>> > sort of redirect issue.) >>> > 2) The result loads, but there's a PHP error message displayed. Or, the >>> > result is blank. If this is the case, please paste the error. >>> > 3) The result loads without error, but Javascript mistakenly detects an >>> > error. If this is the case, again, please paste the error. >>> > Hopefully we can get this resolved with some more debugging. >>> > It also might be worth trying a fresh install to see if that works. >>> > On Mar 9, 2009, at 6:32 PM, Khaled Abou Alfa wrote: >>> > >>> > Heya Michael, >>> > Not sure what I'm looking for here. Basically if I try and use the >>> search >>> > bar (ie to filter stuff out in comments) it basically stalls. This is >>> > whether I basically delete anything, search for anything etc. It loads >>> the >>> > page ok, but then when it gets to POST update_comment thats where >>> things go >>> > a bit wrong. >>> > Should I maybe delete something and then SVN up? Maybe that might help? >>> Like >>> > under system maybe? >>> > On Mon, Mar 9, 2009 at 10:57 AM, Michael Harris < >>> [email protected]> >>> > wrote: >>> >> >>> >> 2009/3/9 Khaled Abou Alfa <[email protected]>: >>> >> > I've SVNed up to the rev 3298 but unfortunately I can't seem to get >>> any >>> >> > tasks actually done. Specifically if I try and use the media silo, >>> it >>> >> > opens >>> >> > up, but nothing else happens (ie the spinner keeps on spinning and >>> >> > that's >>> >> > about it). >>> >> > Something similar happens when trying to deal with comments. If I >>> want >>> >> > to >>> >> > mark them as spam, or approve them, the spinner does it's thing but >>> >> > nothing >>> >> > actually happens. The difference here of course is that if I go to >>> >> > another >>> >> > page (like the dash) then the actual action has been taken care of >>> (for >>> >> > that >>> >> > page). >>> >> >>> >> I know it doesn't really help, but I can't reproduce this. r3299 works >>> >> fine for me. >>> >> >>> >> The ajax calls are not succeeding for some reason. It would be useful >>> >> if you could investigate the requests. Do you have firebug installed ? >>> >> Or is there some similar net monitor for Safari ? If so, can you look >>> >> to see what happens with the ajax requests ? Do other ajax requests >>> >> work, such as moving the loupe or typing in the search boxes ? >>> >> >>> >> -- >>> >> Michael C. Harris, School of CS&IT, RMIT University >>> >> http://twofishcreative.com/michael/blog >>> >> IRC: michaeltwofish #habari >>> >> >>> >> >>> > >>> > >>> > >>> > >>> > >>> > >>> > > >>> > >>> >>> >>> >> >> >> >> >> >> >> > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/habari-dev -~----------~----~----~----~------~----~------~--~---
