In that case, sounds like it's a non-Habari issue. I'd make sure your file permissions are locked down correctly, change your password, then try to find whatever caused the issue. Hopefully some of our more security-minded folks can chip in with some tips.
On Mar 10, 2009, at 8:41 PM, Khaled Abou Alfa wrote:

> Right I seem to have found the issue here. It seems the two main
> files that got hacked were the config.php file and the main
> index.php file. Once I deleted the stuff from there, it's been
> running back to normal. The thing is though, how did this happen,
> and how to prevent it from happening again?
>
>
> On Wed, Mar 11, 2009 at 12:35 AM, Arthus Erea
> <[email protected]> wrote:
> Actually, the easiest thing might be to just delete the entire
> system directory.
>
> Then svn up or check it out again, and you should get a fresh,
> clean, working install.
>
> On Mar 10, 2009, at 8:30 PM, Khaled Abou Alfa wrote:
>
>> Oh fuck. What the hell is happening there????? Right I've been
>> through my files and there were a couple of stray 00.php files and
>> a few new index files etc. If I delete all of my files (except
>> my images in user and my theme) can I then SVN up?
>>
>>
>> On Wed, Mar 11, 2009 at 12:08 AM, Arthus Erea
>> <[email protected]> wrote:
>> Well that explains why you're not able to have requests load.
>>
>> JavaScript is expecting JSON return, and HTML was interjected.
>>
>> Off the top of my head, it looks like you might have gotten hacked
>> somehow. Someone is adding arbitrary html (spam) to all requests on
>> your site.
>>
>> If you look at the HTML of your main page, you can find the same
>> code present. (It's hidden from display though.)
>>
>> You should definitely get this cleaned up, since it's also a way
>> spammers try to game Google and it could get you blacklisted.
>>
>> I'm not sure exactly how they're going about doing this, but I
>> doubt it's through Habari. Look around for some stray files which
>> don't seem to belong. Also, investigate your .htaccess file.
>>
>> On Mar 10, 2009, at 8:00 PM, Khaled Abou Alfa wrote:
>>
>>> Thanks for the help guys. Unfortunately clearly something has gone
>>> completely wonky. When I follow the directions above, basically I
>>> get a bunch of text, some of which pertains to my files from the
>>> media silo, but then it seems that all I get is spam stuff in
>>> there. Here's where it all changes:
>>>
>>> /dell_netbook.png","basename":"dell_netbook.png","title":"dell_netbook.png",
>>> "url":"http:\/\/brokenkode.com\/user\/files\/dell_netbook.png",
>>> "thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/dell_netbook.png.thumbnail.jpg",
>>> "filetype":"image_png"},"logo_v1.png":{"path":"Habari\/logo_v1.png",
>>> "basename":"logo_v1.png","title":"logo_v1.png",
>>> "url":"http:\/\/brokenkode.com\/user\/files\/logo_v1.png",
>>> "thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/logo_v1.png.thumbnail.jpg",
>>> "filetype":"image_png"},"me.jpg":{"path":"Habari\/me.jpg","basename":"me.jpg",
>>> "title":"me.jpg","url":"http:\/\/brokenkode.com\/user\/files\/me.jpg",
>>> "thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/me.jpg.thumbnail.jpg",
>>> "filetype":"image_jpeg"}},"path":"Habari","controls":"<li class=\"root\">
>>> <a href=\"#\" onclick=\"habari.media.fullReload();habari.media.showdir('Habari');return false;\">Root<\/a><\/li>
>>> <li><a href=\"#\" onclick=\"habari.media.showdir('Habari\/');return false;\">Browse<\/a><\/li>
>>> <li><a href=\"#\" onclick=\"habari.media.showpanel('Habari\/', 'upload');return false;\">Upload<\/a><\/li>
>>> <li><a href=\"#\" onclick=\"habari.media.showpanel('Habari\/', 'mkdir');return false;\">Create Directory<\/a><\/li>"}<u style=display:none
>>> ><a
>>> >href="http://www.sturdytents.com/inc/ellen-biddle-shipman-duke-gardens.html
>>> >
>>> ">ellen biddle shipman duke gardens</a><a
>>> href="http://www.sipsanicaragua.com/inc/saddle-seat-bar-stools-toronto-canada.html
>>> "
>>> >saddle seat bar stools toronto canada</a><a
>>> >href="http://www.sollopatin.com/inc/renoirs-garden-fabric
>>>
>>> That garbled mess goes on for AGES, hundreds of lines of that
>>> rubbish. Any thoughts?
>>>
>>>
>>> On Tue, Mar 10, 2009 at 1:09 AM, Josh Wood <[email protected]> wrote:
>>>
>>> If you want to go the "request monitor" route:
>>>
>>> Use Firefox. Install Firebug. Open your Habari admin panel. Log in.
>>> Go to 'New->Entry'.
>>>
>>> Open Firebug. Click the 'Net' tab. Click the small down arrow to the
>>> right of 'Net'. Choose 'Enabled'.
>>>
>>> Click the 'XHR' tab in the row above 'Net'.
>>>
>>> Expand your media silo splitter. The spinner begins to spin...
>>>
>>> Click the right-arrow to expand the POST line that appears in
>>> Firebug.
>>>
>>> Click the 'Response' tab in the area you just expanded.
>>>
>>> Note the error being returned, if any, that is displayed on the
>>> 'Response' tab.
>>>
>>> The Headers and Post tabs may be of interest as well, but the
>>> Response tab is where I would look first.
>>>
>>> For example, by intentionally arranging to have an error happen, I
>>> can read back:
>>>
>>> "Fatal error</b>: Call to undefined function imagecreatefrompng() in
>>> <b>/usr/j/web/hb/system/plugins/habarisilo/habarisilo.plugin.php</b>
>>> on line <b>208</b>"
>>>
>>> from the XHR response in the 'Response' tab.
>>>
>>> I hope that will help gather some data.
>>>
>>> -Josh
>>>
>>> On Mon, Mar 9, 2009 at 3:38 PM, Arthus Erea
>>> <[email protected]> wrote:
>>> > Do you have a request monitor installed?
>>> > After taking an action (such as changing filter), take a look at
>>> > the monitor. There should be a new request.
>>> > Take a look at that request and see what the outcome is. There
>>> > are 3 possible outcomes I can think of:
>>> > 1) The request loads forever, never actually loading. (This
>>> > might be some sort of redirect issue.)
>>> > 2) The result loads, but there's a PHP error message displayed.
>>> > Or, the result is blank. If this is the case, please paste the
>>> > error.
>>> > 3) The result loads without error, but JavaScript mistakenly
>>> > detects an error. If this is the case, again, please paste the
>>> > error.
>>> > Hopefully we can get this resolved with some more debugging.
>>> > It also might be worth trying a fresh install to see if that
>>> > works.
>>> > On Mar 9, 2009, at 6:32 PM, Khaled Abou Alfa wrote:
>>> >
>>> > Heya Michael,
>>> > Not sure what I'm looking for here. Basically if I try and use
>>> > the search bar (ie to filter stuff out in comments) it basically
>>> > stalls. This is whether I basically delete anything, search for
>>> > anything etc. It loads the page ok, but then when it gets to
>>> > POST update_comment that's where things go a bit wrong.
>>> > Should I maybe delete something and then SVN up? Maybe that
>>> > might help? Like under system maybe?
>>> > On Mon, Mar 9, 2009 at 10:57 AM, Michael Harris
>>> > <[email protected]> wrote:
>>> >>
>>> >> 2009/3/9 Khaled Abou Alfa <[email protected]>:
>>> >> > I've SVNed up to the rev 3298 but unfortunately I can't seem
>>> >> > to get any tasks actually done. Specifically if I try and use
>>> >> > the media silo, it opens up, but nothing else happens (ie the
>>> >> > spinner keeps on spinning and that's about it).
>>> >> > Something similar happens when trying to deal with comments.
>>> >> > If I want to mark them as spam, or approve them, the spinner
>>> >> > does its thing but nothing actually happens. The difference
>>> >> > here of course is that if I go to another page (like the
>>> >> > dash) then the actual action has been taken care of (for that
>>> >> > page).
>>> >>
>>> >> I know it doesn't really help, but I can't reproduce this.
>>> >> r3299 works fine for me.
>>> >>
>>> >> The ajax calls are not succeeding for some reason. It would be
>>> >> useful if you could investigate the requests. Do you have
>>> >> Firebug installed? Or is there some similar net monitor for
>>> >> Safari? If so, can you look to see what happens with the ajax
>>> >> requests? Do other ajax requests work, such as moving the loupe
>>> >> or typing in the search boxes?
>>> >>
>>> >> --
>>> >> Michael C. Harris, School of CS&IT, RMIT University
>>> >> http://twofishcreative.com/michael/blog
>>> >> IRC: michaeltwofish #habari
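
The symptom diagnosed in this thread (a JSON endpoint whose body is valid JSON followed by hidden spam markup) can be checked mechanically. The script below is an added example, not part of the original thread or of Habari's code; the function names and the `.example` spam hosts are made up for illustration, and the sample body is constructed to match the shape of the response quoted above.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample: valid JSON followed by an injected hidden-link block,
# shaped like the response quoted in the thread (spam hosts are placeholders).
SAMPLE_BODY = (
    '{"path":"Habari","controls":"<li class=\\"root\\">Root<\\/li>"}'
    '<u style=display:none>'
    '<a href="http://spam-one.example/inc/a.html">cheap tents</a>'
    '<a href="http://spam-two.example/inc/b.html">bar stools</a>'
)

# An element hidden by its inline style, and any absolute link target.
HIDDEN_OPEN = re.compile(
    r'<\w+[^>]*style\s*=\s*["\']?[^>"\']*display\s*:\s*none', re.I)
HREF = re.compile(r'href\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)

def split_json_trailer(body):
    """Parse the leading JSON value; return (value, text left after it)."""
    text = body.lstrip()
    value, end = json.JSONDecoder().raw_decode(text)
    return value, text[end:].strip()

def hidden_external_links(text, own_host):
    """Off-site URLs that appear once a display:none element has opened."""
    match = HIDDEN_OPEN.search(text)
    if not match:
        return []
    urls = HREF.findall(text[match.start():])
    return [u for u in urls if urlparse(u).hostname != own_host]

def check_ajax_response(body, own_host):
    """Report whether a JSON endpoint's body carries anything extra."""
    try:
        _, trailer = split_json_trailer(body)
        valid = True
    except json.JSONDecodeError:
        trailer, valid = body, False  # nothing parsed: inspect all of it
    return {
        "valid_json_prefix": valid,
        "trailer_chars": len(trailer),
        "hidden_links": hidden_external_links(trailer, own_host),
    }

if __name__ == "__main__":
    print(check_ajax_response(SAMPLE_BODY, "brokenkode.com"))
```

A non-zero `trailer_chars` on an endpoint that should return only JSON means something is appending output after the application has finished, which points at modified entry files such as the index.php and config.php mentioned in the thread.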
