Pages: [1] 
|
 |
|
 Author
|
Topic: Mambo site down also (Read 2885 times)
|
|
tomm
|
Just posted about a Joomla site error. I just posted about a Joomla site problem - I also have a Mambo installation at www.hispresentglory.net which re-directs to www.hispresentglory.net/glory1/ . “glory1” is the I am having a similar type problem with this site also. Home page gives me this error: Parse error: parse error, unexpected T_LNUMBER in /home/hisglory/public_html/glory1/includes/mamboxml.php on line 206 The Administrator Login page gives me this message Parse error: parse error, unexpected T_LNUMBER in /home/hisglory/public_html/glory1/includes/mamboxml.php on line 206 Less than 24 hours ago both these sites were fine (seemingly). What is going on here? Please advise, thanks |
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
Hello Tom
I am not sure what to tell you on this one. You are the 3rd site on Phoenix to say that Mambo or Joomla stopped working in the past 24 hours, but we have not done any changes to the server since upgrading to a more secure FTP version 7 days ago. It is possible someone has found a hack for mambo/joomla and is randomly finding mambo/joomla sites and hacking them.
We have done testing on RAM and hard drive on that server and found no errors. We just completed a full reboot of Phoenix to make sure cache had not somehow become corrupt as well.
Peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
We now have about 10 sites, all Mambo, Joomla or Xoops, reporting problems.
We suspect that someone did a whois on the shared IP on phoneix and that they are hunting for sites vulnerable to hacking. That is all we can figure at this point since Mambo sites ON the same server but with dedicated IP addresses, (such as our Webmaster Resources), have no problems at all. And I am betting we have well over 100 mambo sites on that server, but only a small percentage of them seem to have been affected.
We and the data center are both working on resolving this issue - or at least nailing down the cause and giving users instructions on what to do to rectify the situation.
I am sorry this has gone on for over 24 hours now, but we first had to check all hardware AND file integrity of over 1 million files, (we brought the server down for 65 minutes tonight to do that), before we could be 100% sure it is not an issue with our hardware or file systems.
peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
You have definitely BEEN HACKED! You need to FTP into your site and delete EVERY .htaccess file in every directory under your main Mambo or Joomla directory.
If that doesnt do it, we have a list of files that seemed suspicious, but those need to be deleted WITH CAUTION since we do not know if they are part of Mambo or Joomla.
Your best bet is to go to a Mambo/Joomla support site and see what you can find out about this kind of hack
It appears it MAY have come from an event calendar posting of an event? But I am not sure. This is based on a guess on the one site I spent 4 hours on to see if we could figure out how to get it back up and running.
peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
If you still have problems and are BRAVE, here are some file names we found that may be infected
layout.php
options.php
guest.php
commands.php
system.php
time.php
date.php
report.php
properties.php
base.php
download.php
Make SURE you know what you are doing and make SURE that you do not delete ANY files that do not have the same date and time stamp as the .htaccess files do. We still can not guarantee you wont be deleting something you need to make the site run, but we deleted certain instances of files with these names for one account and did not cause an issue.
HOWEVER, if you do NOT get information from Mambor or Joomla on updates or ways to prevent this from happening again, your site could be rehacked at ANY TIME.
peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
