News:

Join the Facebook Fan Page.

Main Menu

host.core hack?

Started by Gaming4JC, April 17, 2011, 11:10:04 PM

Previous topic - Next topic

Gaming4JC

Hello,
I got this email from my forum this morning. At first I thought it might be an issue with my host as it said, but I don't believe this is the case. I have not touched the forum since upgrading to RC5 several weeks ago and encouraging my host to upgrade to PHP 5.3. All was fine.

Now this:
QuoteThere has been a problem with the database!

This is a notice email to let you know that SMF could not connect to the database, contact your host if this continues.

My first instinct. Check the database! Sure enough it's working fine, and nothing tampered, thank goodness. My host also seems sound, and only the forum was affected.
So then I decided to look at ftp, and found these files modified...

Quotehost.core 3,444,736 4/17/2011 1:23:00AM
Settings.php 4,451 4/17/2011 1:31:00AM
Settings_bak.php 4,451 4/17/2011 1:31:00AM
ffcache (Forum Firewall), a lot of cache from April 16 at 9:30AM until 1:24AM


My backup file being modified by itself is a bit suspicious. Thankfully I keep backups on my computer just for this reason. You'll find several changes:

Quote$maintenance = 2;
Quote$db_last_error = 1303018270;
Quote$upgradeData = "YTo5OntzOjI6ImlkIjtzOjE6IjEiO3M6NDoibmFtZSI7czo3OiI5NGpDMzIxIjtzOjQ6InBhc3MiO2k6OTI1NjtzOjc6InN0YXJ0ZWQiO2k6MTMwMDY0NzI5NztzOjc6InVwZGF0ZWQiO2k6MTMwMDY0NzQzMjtzOjc6InZlcnNpb24iO3M6NzoiMi4wIFJDNSI7czo0OiJzdGVwIjtpOjQ7czo3OiJzdWJzdGVwIjtzOjE6IjAiO3M6NDoibWFpbiI7aTowO30=";
?>

Before this there was no maintenance, hence it equaled to 0. db_last_error = 0, and there was no $upgradeData.

It acts as if there was an attempted upgrade on my server in the middle of the night, but I don't see how that's possible with the level of security in place. Also the file ownership is apache and I cannot download the host.core file or edit it. "Permission denied"... Interesting eh?  :P




SlammedDime

maintenance = 2 means your forum is inacessible and shows a brief message to everyone, even admins and won't allow access to the forum until it is set back to 0 or 1.

db_last_error is the last time the database had an error that SMF was able to catch.

upgradedata is stored information from an upgrade that did not complete all the way

host.core is a core file that apache dumped because it or something that runs on it (php) dumped core due to a bug in the underlying software.



None of these are hacks, all of them are completely normal and your host is the only one that can analyze the core file to give you more information about what dumped core and why.

Did you remove upgrade.php after you upgraded to RC5?
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     

MrPhil

When something (briefly) went south with your database, the timestamp would have been written to Settings.php (accounting for that file being updated), but first the old Settings.php would have been copied over to Settings_bak.php (backup), accounting for that file being updated. Disabling access by setting $maintenance to 2 must be new in SMF 2.0. Dunno why someone or something would be trying to do an upgrade automatically in the middle of the night -- is that something SMF 2.0 does now? Is it configurable?

BTW I've been complaining for years about how stupid it is to rewrite Settings.php every time there's a database glitch -- it often leads, in SMF 1.x anyway, to the Settings.php file being emptied out and trashing the system. Per my sig > Fixes, why not just rewrite a one line timestamp file?

Gaming4JC

Quote
Did you remove upgrade.php after you upgraded to RC5?
Yep.

Quote
Dunno why someone or something would be trying to do an upgrade automatically in the middle of the night -- is that something SMF 2.0 does now? Is it configurable?
Couldn't have said it better myself.

So assuming there is no fowl play at work, I can just delete the .core file and change maintenance mode to 0? I'm still scratching my head at what took place the other night. I've had the forum down until further notice.

Illori

i would let your host know about the .core file as it may contain information about an issue with their configuration that needs to be fixed. you are safe to change maintenance mode back.

Gaming4JC

Works for me, reported the problem to my host, removed little update tidbit and fixed the maintenance mode to 0.
Thanks all for the help!

Advertisement: