
Mayday! ACP Down....


EmpireKicking


Posted

I was having this issue too. In looking at my httpd error_log, a file named "failedMailCount.xxxxxxxx.php" (xxx were a series of digits) was responsible. Deleting it would let me see the ACP. On Safari, it would be blank. On Chrome, a 500 error.

The failedMailCount file is in /datastore and keeps recurring. I don't know what causes it to exist.

@EmpireKickAss, please keep this thread updated. Thanks.

P.S. It's just the dashboard that was blank for me. The other pages, if I had a link to them from my history or something, worked fine.

Posted

@iacas Sounds like you have something else that isn't included in the problem that I have, and I'm glad to share. The IPS Support team is still investigating; it's of an advanced support nature, so it's high. Plus it doesn't help that advanced support is only available Monday through Friday, which I do understand.

The Support team found the following, which doesn't look right and could probably be a vulnerability. They said to recreate the file; if not, then restore the default theme for me. However, I want to get down to the bottom, so they are going to do an advanced investigation.

<?php exit; ?>

Sat, 09 Jan 2016 12:43:28 +0000 (Severity: 2)
1.136.96.110 - http://www.baysidega...45ca36dc1cab1d
ErrorException
2: file_get_contents(http://www.generalno...ics/adminer.txt): failed to open stream: HTTP request failed! HTTP/1.0 503 Service Unavailable 


#0 [internal function]: IPS\IPS::errorHandler(2, 'file_get_conten...', '/*****/*****/p...', 4, Array)
#1 /*****/*****/public_html/system/Theme/Theme.php(713) : eval()'d code(4): file_get_contents('http://www.gene...')
#2 /*****/*****/public_html/system/Theme/Theme.php(713): eval()
#3 /*****/*****/public_html/system/Dispatcher/Admin.php(113): IPS\_Theme->getTemplate('global', 'core')
#4 /*****/*****/public_html/system/Dispatcher/Dispatcher.php(86): IPS\Dispatcher\_Admin->init()
#5 /*****/*****/public_html/bayside/index.php(13): IPS\_Dispatcher::i()
#6 {main}
------------------------------------------------------------------------

I don't understand, or I'm lost, since it's more of a software issue, and my site http://www.baysidegamers.com/forums/ front of house is working full steam ahead.

I'd like to get my ACP working on Monday ASAP; I have a lot of work to do.

Posted

I don't get why it's fetching an off-site txt file called adminer. Are you sure your site wasn't compromised? Sort of seems like someone may have injected some sort of keylogger into your admin cp login.

Can you get the full address of that link and see what the file contains?
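
Added example, not part of any post in this thread: a Python scanner for an error log in the layout quoted above, flagging entries where eval()'d template code called a function on a remote URL. The sample log is constructed for illustration; its hosts, IP addresses and /srv/www paths are placeholders, and the function and field names are this example's own.

```python
import re

# Constructed sample modelled on the log layout quoted in the thread;
# hosts, IPs and the /srv/www paths are placeholders, not values from the page.
SAMPLE_LOG = r"""
Sat, 09 Jan 2016 12:43:28 +0000 (Severity: 2)
192.0.2.10 - http://forum.example/admin/
ErrorException
2: file_get_contents(http://remote.example/payload.txt): failed to open stream: HTTP request failed! HTTP/1.0 503 Service Unavailable
#0 [internal function]: IPS\IPS::errorHandler(2, 'file_get_conten...', '/srv/www/p...', 4, Array)
#1 /srv/www/system/Theme/Theme.php(713) : eval()'d code(4): file_get_contents('http://remote....')
#2 /srv/www/system/Theme/Theme.php(713): eval()
#3 /srv/www/system/Dispatcher/Admin.php(113): IPS\_Theme->getTemplate('global', 'core')
#4 {main}
------------------------------------------------------------------------
Sun, 10 Jan 2016 03:49:52 +0000 (Severity: 2)
192.0.2.10 - http://forum.example/
ErrorException
2: file_get_contents(/srv/www/example/notes.txt): failed to open stream: No such file or directory
#0 /srv/www/example/index.php(13): file_get_contents('/srv/www/examp...')
#1 {main}
------------------------------------------------------------------------
"""

SEPARATOR = re.compile(r"^-{20,}\s*$", re.M)
# PHP warning line: "<errno>: <function>(<remote URL>): ..."
REMOTE_CALL = re.compile(r"^\d+: (\w+)\((https?://[^)\s]+)\)", re.M)
# Frame whose code came from eval(), i.e. a compiled template rather than a file on disk
EVAL_FRAME = re.compile(r"^#\d+ (\S+)\((\d+)\) : eval\(\)'d code\((\d+)\)", re.M)
TEMPLATE = re.compile(r"getTemplate\(([^)]*)\)")

def find_remote_fetch_in_eval(log_text):
    """Return entries where eval()'d template code tried to fetch a remote URL."""
    findings = []
    for entry in SEPARATOR.split(log_text):
        call, frame = REMOTE_CALL.search(entry), EVAL_FRAME.search(entry)
        if not (call and frame):
            continue  # local read, or a fetch made from ordinary file-based code
        tmpl = TEMPLATE.search(entry)
        findings.append({
            "when": entry.strip().splitlines()[0],
            "function": call.group(1),
            "url": call.group(2),
            "eval_site": f"{frame.group(1)}:{frame.group(2)}",
            "template": tmpl.group(1) if tmpl else None,
        })
    return findings
```

The log only records fetches that failed, so an empty result does not clear the templates; the stored template source still has to be reviewed directly.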

Posted

I'm also getting an error (error.log)

[10-Jan-2016 03:49:52 UTC] PHP Fatal error:  Call to undefined method IPS\Content\Search\Mysql\Query::excludeFirstPostContentItems() in /****/*****/public_html/applications/core/modules/front/activity/activity.php on line 105

Leads to

$query = \IPS\Content\Search\Query::init()->excludeFirstPostContentItems()->excludeDisabledApps()->setOrder( \IPS\Content\Search\Query::ORDER_NEWEST_CREATED )->setPage( $page );
			$results = $query->search();
			$pagination = trim( \IPS\Theme::i()->getTemplate( 'global', 'core', 'global' )->pagination( $url, ceil( $results->count( TRUE ) / $query->resultsToGet ), $page, $query->resultsToGet ) );
			$output = \IPS\Theme::i()->getTemplate('system')->activityStream( $results, $pagination );

@Koby There isn't an adminer.txt; I looked all over and can't find much with key logging other than what's from ckeditor, but that's got nothing to do with it.

Waiting on IPS support 

Posted
46 minutes ago, EmpireKickAss said:

I'm also getting an error (error.log)


[10-Jan-2016 03:49:52 UTC] PHP Fatal error:  Call to undefined method IPS\Content\Search\Mysql\Query::excludeFirstPostContentItems() in /****/*****/public_html/applications/core/modules/front/activity/activity.php on line 105

Leads to


$query = \IPS\Content\Search\Query::init()->excludeFirstPostContentItems()->excludeDisabledApps()->setOrder( \IPS\Content\Search\Query::ORDER_NEWEST_CREATED )->setPage( $page );
			$results = $query->search();
			$pagination = trim( \IPS\Theme::i()->getTemplate( 'global', 'core', 'global' )->pagination( $url, ceil( $results->count( TRUE ) / $query->resultsToGet ), $page, $query->resultsToGet ) );
			$output = \IPS\Theme::i()->getTemplate('system')->activityStream( $results, $pagination );

@Koby There isn't an adminer.txt; I looked all over and can't find much with key logging other than what's from ckeditor, but that's got nothing to do with it.

Waiting on IPS support 

I'm not talking about on your site. I mean this:

2: file_get_contents(http://www.generalno...ics/adminer.txt)

If you know the full address to that file, see what it contains.

Posted
19 minutes ago, Tracy Perry said:

I'm aware of an adminer (used to be phpMinAdmin) add-on for WordPress. By chance do you have WordPress installed on the server @EmpireKickAss and are you using adminer as a SQL DB management tool?

Yes, I have WordPress on the same server at www.baysideves.com. However, I have an IPS test website on the same server, and the ACP is working.

Posted
23 minutes ago, Tracy Perry said:

I'm aware of an adminer (used to be phpMinAdmin) add-on for WordPress. By chance do you have WordPress installed on the server @EmpireKickAss and are you using adminer as a SQL DB management tool?

Yea, but wouldn't it be adminer.php and not adminer.txt :D and why would one want to include the adminer script into the global template:)

 

Since @EmpireKickAss said it's not something from him, it's something bad:D

Anyway, the file doesn't exist (which is good, because without the missing file, nobody would have noticed this :D), so I can't investigate further. I'm going to restore the default ACP theme and do some further checks for compromised code.

Posted
14 minutes ago, Daniel F said:

Yea, but wouldn't it be adminer.php and not adminer.txt :D and why would one want to include the adminer script into the global template:)

Ever hear of a point of intrusion? Very possible to use a similar file name to something that is already on the system so that those that are not very technically inclined may overlook it since they utilize something by that name - and WP is a fairly common point of intrusion if it (and its add-ons/plug-ins) is not kept up to date... of course I'm sure you were already aware of that.
Utilize an SQL injection and insert a call to a "text" file (that may not be a .txt file) in the template and then you could be in for all kinds of fun.

Posted
11 minutes ago, Tracy Perry said:

Ever hear of a point of intrusion? Very possible to use a similar file name to something that is already on the system so that those that are not very technically inclined may overlook it since they utilize something by that name - and WP is a fairly common point of intrusion if it (and its add-ons/plug-ins) is not kept up to date... of course I'm sure you were already aware of that.

Got nothing to do with WordPress, like I said before. I have WordPress located under a different domain with one or two plugins, I had it installed for 8 or more months on maintenance closed page. And I said before that I have a test website which the ACP is working with no problems.

The files don't exist, and I can't find anything similar, or I'm possibly losing my mind :p

Posted
9 minutes ago, EmpireKickAss said:

Got nothing to do with WordPress, like I said before. I have WordPress located under a different domain with one or two plugins, I had it installed for 8 or more months on maintenance closed page. And I said before that I have a test website which the ACP is working with no problems.

The files don't exist, and I can't find anything similar, or I'm possibly losing my mind :p

If you think just because you have it under a different domain you are safe... then you are under a false sense of security. The ONLY way you could do that is if it was on another server entirely.

How do you think shared hosting accounts get crapped on? There is an attack vector on another client (entirely different) than yours and because they allow an intrusion into the DB, it can likely lead to ALL accounts on that SQL server instance being affected.
And the point I was attempting to make is... WordPress could be a point of INTRUSION that allow(ed) a SQL injection.

Posted

As far as I know, if any of the forum folder permissions or a file is set to 00 you will get a blank white page, and this sometimes happens when you manually move your public_html files and folders using drag and drop in the cPanel File Manager; it happened to me.

Anyways, you should really check your forum "admin" folder permissions; it should be set to 644 or 755, otherwise you will get a blank page : )

Posted
23 minutes ago, TAMAN said:

As far as I know, if any of the forum folder permissions or a file is set to 00 you will get a blank white page, and this sometimes happens when you manually move your public_html files and folders using drag and drop in the cPanel File Manager; it happened to me.

Anyways, you should really check your forum "admin" folder permissions; it should be set to 644 or 755, otherwise you will get a blank page : )

It isn't that. But I'll double check anyway. :)

Edit: Already set to 755...

Archived

This topic is now archived and is closed to further replies.
