Geeklog Forums
phpbbbridge Hacked ?
Greetings all,
Yesterday I found that when I try to access my Geeklog phpBB section of the site, I get the following error :
An error has occurred:
2 - Illegal string offset: -12 @ /var/www/web23/web/phpBB2/language/lang_english/lang_main.php line 899
And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root'"
I looked around initially to try to find the problem, line 899 of the above file lists the time zones only and nothing suspicious was found there, so I deleted the entire phpBB dir and reinstalled the plugin, problem still there...
My Geeklog logfile lists the following entry :
[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
whenever I try to access the plugins page, line 133 doesn't help me much and looks fine ?
I disabled the plugin for now and changed all passwords etc etc...any idea where to start fixing this up...
Do I report this on the phpBB website as well ?
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Can't comment on the status of phpBBBridge (does it contain the current version of phpBB?). However, this:
Quote by: uKrease
And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root'"
... means that you should set
// When set to true, this will display /detailed/ debug information in the event
// of a PHP error. ONLY set this to true with your non-production development
// environments!
$_CONF['rootdebug'] = false;
in your config.php ASAP. It's actually "false" by default, so you must have changed that at one point and forgotten to change it back.
bye, Dirk
uKrease
Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Hi Dirk,
$_CONF['rootdebug'] was set to false, and I'm running the latest version of phpbbbridge which is 111 as per the plugins page and the latest Geeklog...
Some other info about the problem :
This was found in the log files as well :
Sat 28 Apr 2007 17:35:06 SAST - Error, invalid username: 'Gambrinus'
Sat 28 Apr 2007 18:54:29 SAST - Error, invalid username: 'Megabban'
Sat 28 Apr 2007 20:23:54 SAST - Error, invalid username: 'shroom'
Sun 29 Apr 2007 02:38:28 SAST - Error, invalid username: 'Tarasolas'
Sun 29 Apr 2007 10:14:01 SAST - Error, invalid username: 'Geoptruoi'
Sun 29 Apr 2007 10:21:22 SAST - Error, invalid username: 'Fapolasis'
Sun 29 Apr 2007 10:58:18 SAST - Error, invalid username: 'Mussolina'
Sun 29 Apr 2007 12:32:11 SAST - Error, invalid username: 'jimboboju'
Sun 29 Apr 2007 20:37:56 SAST - Error, invalid username: 'Bandarelad'
Sun 29 Apr 2007 20:48:02 SAST - Error, invalid username: 'Muronnist'
Mon 30 Apr 2007 02:08:11 SAST - Error, invalid username: 'their3114@ukrease.co.za'
Mon 30 Apr 2007 05:40:16 SAST - Error, invalid username: 'Hellsivin'
Mon 30 Apr 2007 06:11:25 SAST - Error, invalid username: 'dddddddab'
Mon 30 Apr 2007 10:01:41 SAST - Error, invalid username: 'Olikulirt'
Mon 30 Apr 2007 10:02:38 SAST - Error, invalid username: 'Kresturis'
Mon 30 Apr 2007 10:29:53 SAST - Error, invalid username: 'nubtestloa'
Mon 30 Apr 2007 12:21:05 SAST - Error, invalid username: 'gggggab'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'sea8078@ukrease.co.za
Content-Transfer-Encoding: 7bit
Content-Type: text/html
Subject: been called much you know at that
bcc: larry@tellingwellsoe.com
lab coats the of distances he grimly'
If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :
Unfortunately, an error has occurred rendering this page. Please try again later.
This is however being shown due to me changing the db password, as it may have been exposed to unknown people (I'm slightly paranoid)
If I set the passwords correctly I get the same message.
Any suggestions would be great as I have no idea where else to look?
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: uKrease
If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :
Unfortunately, an error has occurred rendering this page. Please try again later.
Ah, okay. So that seems to work as expected, i.e. only Root users are shown all the details and normal visitors just get the non-informative message. So you should be fine there.
The "invalid username" messages in error.log are also "normal" - dictionary attacks and spambots that try to post to everything that looks like a web form.
The actual error (as quoted in your first post) seems to come from phpBB or the bridge, with which I'm not familiar, so I can't help you there, I'm afraid. It may be just some harmless error in phpBB or it's possible that someone hacked the phpBB portion of your site. But, as I said, I'm not in a position to make any judgements about that. All I can say is that it doesn't look like a problem on Geeklog's side.
bye, Dirk
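The last entry in the log excerpt quoted earlier in the thread spans several lines because the submitted username itself carried mail headers (Content-Type, Subject, bcc), the pattern a spambot sends when probing a form for e-mail header injection. As an added example (not part of the thread and not Geeklog code), this Python sketch groups such multi-line entries and separates them from plain failed logins; the timestamp format is assumed from the excerpt and the function names are hypothetical.

```python
import re

# Entry start, e.g. "Tue 01 May 2007 10:02:18 SAST - " (format assumed from the thread)
ENTRY_START = re.compile(r"^\w{3} \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \w+ - ")
INVALID_USER = re.compile(r"Error, invalid username: '(.*)'\s*\Z", re.DOTALL)
# Mail header names at the start of a line inside the submitted value
MAIL_HEADER = re.compile(
    r"^(bcc|cc|to|from|subject|mime-version|content-type|content-transfer-encoding)\s*:",
    re.IGNORECASE | re.MULTILINE,
)

def split_entries(log_text):
    """Group physical lines into logical entries: a line without a timestamp
    continues the previous entry (the logged value contained newlines)."""
    entries = []
    for line in log_text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += "\n" + line
    return entries

def classify(entry):
    """Return (timestamp, username, verdict), or None for unrelated entries."""
    m = INVALID_USER.search(entry)
    if not m:
        return None
    username = m.group(1)
    stamp = ENTRY_START.match(entry)
    ts = stamp.group(0)[:-3] if stamp else ""  # drop the trailing " - "
    injected = "\n" in username or MAIL_HEADER.search(username)
    return ts, username, "header-injection-probe" if injected else "failed-login"

def triage(log_text):
    return [c for c in map(classify, split_entries(log_text)) if c]

# Sample: four entries taken from the log excerpt quoted in the thread.
SAMPLE = """Sat 28 Apr 2007 17:35:06 SAST - Error, invalid username: 'Gambrinus'
Mon 30 Apr 2007 02:08:11 SAST - Error, invalid username: 'their3114@ukrease.co.za'
Mon 30 Apr 2007 12:21:05 SAST - Error, invalid username: 'gggggab'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'sea8078@ukrease.co.za
Content-Transfer-Encoding: 7bit
Content-Type: text/html
Subject: been called much you know at that
bcc: larry@tellingwellsoe.com
lab coats the of distances he grimly'
"""

if __name__ == "__main__":
    for ts, user, verdict in triage(SAMPLE):
        print(ts, verdict, repr(user[:40]))
```

A line-by-line grep over the same file would report the continuation lines as unrelated noise, which is why the entries are regrouped before classification.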
uKrease
Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Hi again,
When I try to re-enable the phpbbbridge plugin I still get this error :
[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
Can anyone provide assistance with this one ?
Line 133 starts with
if (!($result = $db->sql_query($sql))) {
    message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
uKrease
Anonymous
Hi there,
I tracked it down to the recent installation of the Docuwiki plugin....I initially installed it and it worked OK, then two days later is when I started getting the error messages I reported.
Eventually I disabled the Docuwiki plugin and everything worked fine, has been doing since.
The Docuwiki plugin still remains disabled though...I haven't bothered to reactivate it and track down what causes it to crash the forum like that...
uKrease
Anonymous
If you are getting the same error I got initially, disable the plugins one by one and see if that helps any....
Does your Geeklog log file also have this message reported when it crashes :
"[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in <path to webroot>/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php"
When I saw that I started disabling the plugins...
garfy
Forum User
Full Member
Registered: 01/02/05
Posts: 437
Location:EU
No, I could not find anything in the error file
I only use default plugins that come with geeklog
only captcha is an addon
I wonder why this guy that is taking care of phpbridge is not answering at all
at least he could say I don't know or something
jmucchiello
Forum User
Full Member
Registered: 08/29/05
Posts: 985
Quote by: garfy
I wonder why this guy that is taking care of phpbridge is not answering at all
It's only been 2 hours since you posted your problem. How often is he supposed to check the forums?