Help, forum just stopped working!

[Random]

Hi, overnight my forum has just stopped working.  When I try to get into sections or threads, I get the error 'this board does not exist or is off limits to you'.  I can't get into any thread at all.

In the error log I have these:

: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'new' at line 11
/home/bleeding-hearts/public_html/forum/Sources/Load.php
472

Hacking attempt...

SELECT
c.ID_CAT, b.name AS bname, b.description, b.numTopics, b.memberGroups,
b.ID_PARENT, c.name AS cname, IFNULL(mem.ID_MEMBER, 0) AS ID_MODERATOR,
mem.realName, b.ID_BOARD, b.childLevel,
b.ID_THEME, b.override_theme, b.permission_mode, b.countPosts
FROM smf_boards AS b, smf_topics AS t
LEFT JOIN smf_categories AS c ON (c.ID_CAT = b.ID_CAT)
LEFT JOIN smf_moderators AS mods ON (mods.ID_BOARD = t.ID_BOARD)
LEFT JOIN smf_members AS mem ON (mem.ID_MEMBER = mods.ID_MEMBER)
WHERE b.ID_BOARD = t.ID_BOARD
AND t.ID_TOPIC = 7.new;boardseen
/home/bleeding-hearts/public_html/forum/Sources/Load.php
472

[Random]

Sorry, I'm using SMF 1.1.  I just found this on my host's forum, could this be the php upgrade causing this?

We are currently installing some server updates, including some new security patches for PHP. This will cause a brief outage of the control panel, and possibly websites briefly as well. All other services will continue to operate as per normal

[Random]

Ok, it definitely seems host related, because I'm having similar problems on my test board too.  I uploaded all the files in the MYSQL 5.0.12 patch and it's made no difference, I still can't post anywhere.

[Random]

Just looking again, after uploading the patch files, I can get into all the threads, and the error message now only appears when I hit reply.  Please, anyone got any ideas? 

[Amacythe]

You found the MySQL patch, but missed the one you really need. PHP 4.4.0 Compatibility

[Random]

Ah, so is 1.1 RC 1 not already compatible?  I did look at that thread but when I saw :

If you are using SMF 1.1 Beta 3 Public, you do not need to make any changes.  That version is already compatible with PHP 4.4.0.

I assumed the newer version would also already be compatible?

I'll take a look at that in the morning, thanks 

[Amacythe]

It should have been compatible, but the errors you are getting are similar to that issue.

[dtm.exe]

It should have been compatible, but the errors you are getting are similar to that issue.

They are unrelated.  RC1 is fully compatible with PHP 4.4.0.

[Random]

Has anyone got any ideas please?  I currently have 3 non functioning forums.  I don't have time now, but tomorrow I can post a list of what upgrades the host did, if that will help?

[Random]

Ok, the host applied fixes from red hat for the bugs below:

Bug IDs fixed (http://bugzilla.redhat.com/):
>
> 172207 - CVE-2005-3390 PHP register globals arbitrary code execution
> 172209 - CVE-2005-3389 PHP parse_str can enable register_globals
> 172212 - CVE-2005-3388 PHP phpinfo() XSS attack
> 172589 - CVE-2005-3353 PHP exif data DoS


Bug IDs fixed (http://bugzilla.redhat.com/):
>
> 169760 - CVE-2005-1111 Race condition in cpio
> 172191 - CVE-1999-1572 cpio insecure file creation
>


Bug IDs fixed (http://bugzilla.redhat.com/):
>
> 150778 - issue in fix for CAN-2004-1019
> 172207 - CVE-2005-3390 PHP register globals arbitrary code execution
> 172209 - CVE-2005-3389 PHP parse_str can enable register_globals
> 172212 - CVE-2005-3388 PHP phpinfo() XSS attack

One of these must be the cause i'm sure, I can't believe 3 sites could break simultaneously.

[ih473]

ok. thnx for the redhat info. i called my host, my site also runs on redhat. those updates are the problem. they disabled register_globals for my account and now the forum runs like it used to do.

[Random]

Hi, thankyou very much for that, your host must be much more helpful than mine    When I asked them to try your solution, it fixed the problem straight off