Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 6, 201212 yr Tons of these: client denied by server configuration: /home/public_html/forum/cache/df.php Any ideas what that is`?
December 6, 201212 yr Care to provide more info? Do you have access to your apache configs. If yes, hows your <Directory> settings? Any Deny from All that could affect that folder? Do you use htaccess? Could settings in those prevent access?
December 6, 201212 yr Author I have my own server, but i dont even have forum/cache/df.php file in cache folder :
December 6, 201212 yr Tons of these: client denied by server configuration: /home/public_html/forum/cache/df.php Any ideas what that is`? at a guess by the really odd filename, and that it is being requested like that, your server config saving your ***.
December 6, 201212 yr iirc, and its been LONG time since I saw this error, this MAY help but just check it out before applying. make sure its not related to recent hacks.
December 6, 201212 yr shrugs, I said what i did as that is not a file ipb generates or has there, is not native, therefore.....
December 6, 201212 yr yeah I just caught that too. damned nerve meds messed up my eye sight and I missed file name
December 6, 201212 yr That's not an IP.Board file... That's likely a hack file... Sounds to me like you've got .htaccess directory execution turned on and it saved you...
December 6, 201212 yr Author I dont think this is hacking issue. It started right after i moved servers.
December 6, 201212 yr Author there are htaccess in that folder: #<ipb-protection> <Files ~ "^.*.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)"> Order allow,deny Deny from all </Files> #</ipb-protection> Is that correct? It denies files from that dir.
December 6, 201212 yr Yup, that's correct. You want that .htaccess file there... It keeps scripts like that ##.php from executing.
December 6, 201212 yr Author Yep, but that file creates that error. I just wonder what calls that file df.php. They come from so starge ip's[Thu Dec 06 16:32:45 2012] [error] [client 173.254.28.143] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 16:59:11 2012] [error] [client 122.155.168.150] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:01:57 2012] [error] [client 66.147.244.199] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:06:48 2012] [error] [client 50.97.141.131] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:11:03 2012] [error] [client 94.125.177.150] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:16:52 2012] [error] [client 85.128.250.2] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:18:55 2012] [error] [client 184.107.58.85] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:25:39 2012] [error] [client 69.89.31.87] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:27:26 2012] [error] [client 74.50.8.235] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:39:50 2012] [error] [client 188.165.230.48] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:40:55 2012] [error] [client 91.151.211.1] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php [Thu Dec 06 17:48:19 2012] [error] [client 134.0.11.137] client denied by server configuration: /home/mysite//public_html/forum/cache/df.php [Thu Dec 06 17:50:48 2012] [error] [client 69.89.31.135] client denied by server configuration: /home/mysite/public_html/forum/cache/df.php
December 6, 201212 yr Does the file exist on your server? Might be hackers trying to hit files on your server just guessing...
December 6, 201212 yr Does the file exist on your server? Might be hackers trying to hit files on your server just guessing... My guess. No it does not exist. They think it does, or moreover, are hitting it to try to determine if it is there, i would seriously be certain however that your server is clean, that could very well be a file or a corrupted hook trying to infect the cache/image dirs and spew havoc from there, as this specific one is known to do....
December 6, 201212 yr Author I forgot, i get same kind errors sometimes also from broken smilies. Post: http://hoitajat.net/foorumi/topic/2424-laakelaskut-tokkii/#entry33572 , creates this in apache log [Thu 2012 Dec 06 21:19:14] [error] [client 212.226.56.57] client denied by server configuration: /home/mysite/public_html/foorumi/public/style_emoticons/index.php, referer: http://hoitajat.net/foorumi/topic/2424-laakelaskut-tokkii/ I got those broken smiles because i have converted board. Editing post and saving it fixes it. Knowing this, that df.php error could be basically anything :(
December 6, 201212 yr is df.php a file used in whatever you converted from and is there search/sitemap pointing to it somewheres?
December 6, 201212 yr Your server has been compromised, likely due to the issue we patched on November 6th. I recommend running the IP.Board security center tools to look for suspicious files and remove anything that does not belong. On the upside, as you have .htaccess protection in those directories, the files are not accessible, which is why you're seeing those error messages being logged (this is a good thing in this case).
December 6, 201212 yr wonder if the prior board was actually the compromised one. its not mentioned what the board or conversion time was but I wonder if thats what happened.
December 6, 201212 yr Author wonder if the prior board was actually the compromised one. its not mentioned what the board or conversion time was but I wonder if thats what happened. No it wasnt, it was many years ago. It was SMF
December 6, 201212 yr Author Your server has been compromised, likely due to the issue we patched on November 6th. I recommend running the IP.Board security center tools to look for suspicious files and remove anything that does not belong. On the upside, as you have .htaccess protection in those directories, the files are not accessible, which is why you're seeing those error messages being logged (this is a good thing in this case). Can i create ticket for this? I have no idea what does belong there. That wizard says most suspicous file is public_html/foorumi/public/style_emoticons/.htaccess , i boubt it.
December 6, 201212 yr Can i create ticket for this? I have no idea what does belong there. That wizard says most suspicous file is public_html/foorumi/public/style_emoticons/.htaccess , i boubt it. We don't repair sites that have been hacked, but here is a guide you can use to clean this up. If you have a recent backup our next support action is to recommend that you revert to that backup and apply the [url= 6th Security Patch to your board immediately. If you do not have a recent backup, please look in the following directories for odd files, such as "zx.php" and "4d4098d64e163d2726959455d046fd7c.php". / (root directory) /cache/ (and child directories) /hooks/ /uploads/ If you find any of the above, or similarly named files, in the above directories, please remove them. To be sure that you have no hacked files left over, we recommend that you run the Security Tools located in the Security Center of your IP.Board AdminCP. You can find this under System > System > Security Center. The tools which you absolutely must run are the following: IP.Board Unauthorized File Checker IP.Board Executables Deep Scan Make "conf_global.php" Un-writable IP.Board PHP/CGI .htaccess Protection
December 6, 201212 yr No it wasnt, it was many years ago. It was SMF gotcha, sounded like it may have been recent which is why I was curious.
December 6, 201212 yr Author Rhett, i have done all of those. Nothing found. All "suspisous " files are IPB's
Archived
This topic is now archived and is closed to further replies.