Site Index is Down

Dawg · Posted: Sat Dec 03, 2005 5:37 am

Greetings Raven and All,
I woke up this morning to find my site down or at least the home page. I get the ol' You can't access this file directly... at the front page. If I go in through the admin ......all seems good. All the mods work...The rest of the site seems to be working just fine. I tried changing the home page mod....No Joy....I reloaded main.file and modules from backup and that did not help. I checked my phpinfo.php and all seemed well....I tried the php_self change at the bottom of mainfile...No Joy.

The site has been running fine for months....no changes done yesterday (I was out of town all day) but the site was up and kicking all day .....I showed it to a couple of customers. When I got home last night I was on for a while but was working on one of my other sites.

I'm stuck....without a clue.

7.2
2.4 patched (The one before surrent)
NukeSentinel(tm) 2.0.2

Any Ideas?

Dawg

Dawg · Posted: Sat Dec 03, 2005 6:08 am

I got it fixed....but check this out....talk about STRANGE.....

IT turns out it was my index.php file

All of the varibles had changed.....

old....(The one NOT working
$_server['php_self'] = "modules.php";

new....(I loaded from a backup)
$_SERVER['PHP_SELF'] = "modules.php";

Another example....

old...
if ($httpref==1) {
$referer = $_server["http_referer"];
$referer = check_html($referer, nohtml);
if ($referer=="" or eregi("^unknown", $referer) or substr("$referer",0,strlen($nukeurl))==$nukeurl or eregi("^bookmark",$referer)) {
} else {
$result = $db->sql_query("insert into ".$prefix."_referer values (null, '$referer')");
}
$numrows = $db->sql_numrows($db->sql_query("select * from ".$prefix."_referer"));
if($numrows>=$httprefmax) {
$result2 = $db->sql_query("delete from ".$prefix."_referer");
}

New.....

if ($httpref==1) {
$referer = $_SERVER["HTTP_REFERER"];
$referer = check_html($referer, nohtml);
if ($referer=="" OR eregi("^unknown", $referer) OR substr("$referer",0,strlen($nukeurl))==$nukeurl OR eregi("^bookmark",$referer)) {
} else {
$result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '$referer')");
}
$numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_referer"));
if($numrows>=$httprefmax) {
$result2 = $db->sql_query("DELETE FROM ".$prefix."_referer");
}

The entire script is like this.

What is up with that?

Dawg

Dawg · Posted: Wed Dec 21, 2005 9:11 pm

BTW....I resolved this by changing the CHMOD to R R R only....

Ran across this old thread...and forgot to post the solution...

Dawg

Raven · Posted: Wed Dec 21, 2005 9:23 pm

Almost sounds like a cracker overlaid your index.php file?

Dawg · Posted: Thu Dec 22, 2005 2:59 am

I have no idea who or what was doing it but somehow something was doing it. Really strange.

Your theory does make sence.....

Guardian2003 · Site Admin Joined: Aug 28, 2003 Posts: 4658

Although I suspect Raven had the correct answer you might also want to consider that if your site was not on a local machine, is it possible your host did some sort of roll-back and never told you about it?
Might be worth checking forum posts and news articles to see what the last postsed date was.

Dawg · Posted: Thu Dec 22, 2005 12:33 pm

Guardian,
I do not think it was the host. It happened more than once. One time...(when I posted here)....it happened several times within an hour, one time within minutes of when I corrected it.

I looked through the site....did not see anything else amiss....did not see anything missing or rolled back.

I "TRY" to run a pretty tight ship....but you never know.

Dave

Guardian2003 · Site Admin Joined: Aug 28, 2003 Posts: 4658

Dawg, yes I appreciate that. It was just a thought as it is something I had experienced myslef in the past.
So it would seem then that either some unauthorised party has over written the index.php file then or someone with legitimate access has done so inwittingly.