Text only | Text with Images

Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: novill on February 03, 2018, 02:59:52 AM

Title: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 02:59:52 AM
My forum is down.
It's show the flowing error:
QuoteFailed to run the PHP program for security reasons.
Contact the creator of the page.
I have downloaded, the status.php from the tools menu. When I run it on my site it show the flowing code:
Code Select
Fatal error: Uncaught Error: Call to undefined function set_magic_quotes_runtime() in /***/***/villanyszerelo.forum.hu/status.php:39 Stack trace: #0 /***/***/villanyszerelo.forum.hu/status.php(28): initialize_inputs() #1 {main} thrown in /***/***/villanyszerelo.forum.hu/status.phpon line 39


I have turned on the php log function on my site. It's show the same error.

Code Select
[03-Feb-2018 03:14:11 Europe/Budapest] PHP Fatal error:  Uncaught Error: Call to undefined function set_magic_quotes_runtime() in /***/***/villanyszerelo.forum.hu/status.php:39
Stack trace:
#0 /***/***/villanyszerelo.forum.hu/status.php(28): initialize_inputs()
#1 {main}
  thrown in /***/***/villanyszerelo.forum.hu/status.php on line 39


I haven't modified nothing on my site. So what can be the problem?
Title: Failed to run the PHP program for security reasons.
Post by: novill on February 03, 2018, 03:37:52 AM
My forum is down.
It's show the flowing error:
Quote
Failed to run the PHP program for security reasons.
Contact the creator of the page.
I have downloaded, the status.php from the tools menu. When I run it on my site it show the flowing code:
Code: [Select]
Fatal error: Uncaught Error: Call to undefined function set_magic_quotes_runtime() in /***/***/villanyszerelo.forum.hu/status.php:39 Stack trace: #0 /***/***/villanyszerelo.forum.hu/status.php(28): initialize_inputs() #1 {main} thrown in /***/***/villanyszerelo.forum.hu/status.phpon line 39


I have turned on the php log function on my site. It's show the same error.

Code: [Select]
[03-Feb-2018 03:14:11 Europe/Budapest] PHP Fatal error:  Uncaught Error: Call to undefined function set_magic_quotes_runtime() in /***/***/villanyszerelo.forum.hu/status.php:39
Stack trace:
#0 /***/***/villanyszerelo.forum.hu/status.php(28): initialize_inputs()
#1 {main}
  thrown in /***/***/villanyszerelo.forum.hu/status.php on line 39

I haven't modified nothing on my site. So what can be the problem?
My forum is running on 2.0.15 version
Title: Re: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 03:40:18 AM
I have created to the wrong section my topic. I can't remove it.
@moderator: Please remove it. My forum is running on 2.0.15 version, not in 2.1
Thanks
Title: Re: Failed to run the PHP program for security reasons
Post by: Aleksi "Lex" Kilpinen on February 03, 2018, 03:54:44 AM
Merged.

Does your server's error log offer any more detailed error message?
Title: Re: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 03:56:26 AM
NO :(
Title: Re: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 09:22:53 AM
I have checked the log_errors mysql table, and there are lots off errors, this two are this:
Code Select
2: Parameter 1 to KB_ob() expected to be a reference, value given
Code Select
2: Parameter 1 to smart_pagination_buffer() expected to be a reference, value given

Maybe this is the problem?

The site is still down. I can't find the solution.
Title: Re: Failed to run the PHP program for security reasons
Post by: Illori on February 03, 2018, 10:01:40 AM
you need to find the server error log not the SMF error log.
Title: Re: Failed to run the PHP program for security reasons
Post by: vbgamer45 on February 03, 2018, 10:27:37 AM
You have to either downgrade your php version or install SMF 2.0.15\

set_magic_quotes_runtime is not in SMF 2.0.15
Title: Re: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 10:43:29 AM
I have the reason.
My web service provider has noticed that my site was tried to hack. They have send my the flowing information.

QuoteThe virus protection of our system has been activated because they tried to break the page: topic = 2178.0 AnD BeNChMaRK (2999999, MD5 (NOW ())
This system detected this and moved the file to quarantine. We have removed this from the quarantine, but try to inform the programmer to update the program code so that it can not be exploited on the vulnerability page.

I asked for more detailed information

update:

I have received the web server traffic log. I can see the following information.

Quotexxx.xx.238.26 - - [02/Feb/2018:19:28:19 +0100] "GET /index.php?topic=2178.0'\" HTTP/1.1" 200 97767 "-" "-"
xxx.xx.238.26 - - [02/Feb/2018:19:28:21 +0100] "GET /index.php?topic=2178.0 HTTP/1.1" 200 97767 "-" "-"
xxx.xx.238.26 - - [02/Feb/2018:19:28:22 +0100] "GET /index.php?topic=2178.02121121121212.1 HTTP/1.1" 200 97743 "-" "-"
xxx.xx.238.26 - - [02/Feb/2018:19:28:23 +0100] "GET /index.php?topic=2178.0%20and%201%3D1 HTTP/1.1" 200 97755 "-" "-"
xxx.xx.238.26 - - [02/Feb/2018:19:28:24 +0100] "GET /index.php?topic=2178.0%20and%201%3E1 HTTP/1.1" 200 97767 "-" "-" 
Title: Re: Failed to run the PHP program for security reasons
Post by: vbgamer45 on February 03, 2018, 12:15:39 PM
That's normal that's standard hack bot it will try but fails since SMF is protected against that issue.
Title: Re: Failed to run the PHP program for security reasons
Post by: novill on February 03, 2018, 12:30:51 PM
Thanks for the information :)
Text only | Text with Images