Unable to load the 'main' template.

[tricities]

• The forum got hacked targeting I.E. users. 
• All php files had many lines of encrypted coding prior to the first php command even though we had Zblock running. 
• The forum manager can no longer be contacted for years now. 
• I upgraded last night from version 1 to version 2 via FTP not knowing what I was doing and it's now letting in I.E. users, but the theme is different.
• The forum is hosted at hostforweb who says we're on a very old server and they want to migrate us to a new server with downtime involved.  Since the ministry is paying for hostforweb there's no reason to do so any longer when they can just host the forum under a subdomain of the main website host at mychristianwebhost
• mychristianwebhost offers an install of version 1 but says I can install manually version 2.  I tried and failed.
• So in going back to the forum as upgraded as it is, I was able to take over the admin controls except the admin button says, "unable to load the main template'.
• I've read your forum for all instance of users having this same problem.  Most instructions are Greek to me or require my being able to actually use the admin button to install a new theme.
• I went to all themes Fred might have installed and tested and stripped out the offending PHP coding that the trojan left.  That didn't work either.
• I told UCFM that they could pay you $50 to fix this, but then I find it's not really an offer to hire someone to fix it but just to be able to read forum posts that may be more technical, which won't help me since I do not know PHP and I have never used this forum before nor managed one.
•   I am now getting hundreds and hundreds of emails to my business email address that are from Cron Daemon and do not know where I've used my personal business related email address to go take it off and use some other one.  These emails are now burying my inbox!!

How do I hire someone who knows how to fix ALL of this and to get it migrated from hostforweb to mychristianwebhost?

And is it safe to use a subdomain or will that open the doors to another trojan to be able to destroy the good domain the next time?

Top priorities: Stop those blasted emails and be able to use the Admin button to install a new theme. 

I am in a great hurry because hostforweb is going to move us to a new server even without my permission and I've told the to wait for my answer on Monday and they may not wait.

Please contact me asap.
Tina Whittimore

E-mail removed to stop you from being spammed - Iris.

[Kindred]

You can not use a 1.1.x theme on a 2.0.x installation...  Period.

That might lead to your reported issue.

Did you do the upgrade? Did it compketely successfully?

If so, then your only problem comes from trying to use a theme That can't be used.

As for moving to a new host...    Please read the FAQ on moving servers.

[tricities]

I don't know which theme uses what version but the install came fresh with "core" and "default".
But I cannot use the Admin button to even see which theme is installed or install one.

The admin button drop down contains these links (and the message "Unable to load the main template".

Features and Options
Package Manager
Error Logs
Permissions

[tricities]

Here is a printscreen

I have been up for two days reading all of the migration FAQs and it did not work because there is a Table Prefix on the database tables and mychristianwebhost doesn't have clear instructions on that.

I seriously need to hire someone who can do this.

[tricities]

Just an FYI:
Here's the email I got when hostforweb did a scan before I upgraded:

Hello,

The scan has finished and 3 infections have been found:

{HEX}gzbase64.inject.unclassed.15 : /home/ucfmcomm/public_html/plockpro/index.php
{HEX}gzbase64.inject.unclassed.15 : /home/ucfmcomm/public_html/plockpro/truths.thanks.php
{HEX}php.exe.globals.399 : /home/ucfmcomm/public_html/school/KILL_)unpack.php



Here's what I found as well:

/dev/stderr


Scanning for Trojan Horses

Possible Trojan - /usr/bin/dbiprof
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurlso300
Possible Trojan - /usr/bin/unzzip
Possible Trojan - /usr/bin/unzzipcat
Possible Trojan - /usr/bin/unzzipdir
Possible Trojan - /usr/bin/zzcat
Possible Trojan - /usr/bin/zzdir
Possible Trojan - /usr/bin/zzxorcat
Possible Trojan - /usr/bin/zzxorcopy
Possible Trojan - /usr/bin/zzxordir
Possible Trojan - /usr/lib/libexifso1200
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/sbin/pureauth
Possible Trojan - /etc/rcd/initd/nsd
Possible Trojan - /usr/bin/xslt-config
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/psed
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/s2p
Possible Trojan - /usr/bin/splain
Possible Trojan - /usr/bin/xsubpp
Possible Trojan - /usr/bin/xsltproc
Possible Trojan - /usr/lib/libexsltso0813
Possible Trojan - /usr/lib/libmingso02
Possible Trojan - /usr/include/mingpph
Possible Trojan - /usr/sbin/packer

33 POSSIBLE Trojans Detected

[tricities]

Upgrade Complete
That wasn't so hard, was it? Now you are ready to use your installation of SMF. Hope you like it!

If you had any problems with this upgrade, or have any problems using SMF, please don't hesitate to look to us for assistance.

Best of luck,
Simple Machines

We cannot get into the administrative area.  Please help solve this..................

Ran the repair tool and am now getting this:


Notice: Undefined variable: cachedir in /home/ucfmcomm/public_html/pmb/Settings.php on line 51

Fatal error: Call to undefined function: array_combine() in /home/ucfmcomm/public_html/pmb/Sources/Subs-Db-mysql.php on line 649



Just wonderful..............

[Dragooon]

Fatal error: Call to undefined function: array_combine() in /home/ucfmcomm/public_html/pmb/Sources/Subs-Db-mysql.php on line 649

...
...
.....What PHP version are you on?

[Irisado]

I've merged some posts together, as it was unnecessary to make so many separate posts in a row.

To avoid duplicate topics, if you would like someone to have the login details to your forum and actually do all the work for you, I will move this topic to Help Wanted if you can just say whether you want Free or Paid help.  If you're happy to fix it yourself by following instructions and advice posted as replies, then I will leave the topic here.

[Kindred]

Irisado,  I wish you had not done that, since the user seems to have distinct issues, although they may be related...    Now I am compketely list as to what has been addressed and what has now.

1- the hacked files....   The possible Trojans seem silly...  If the hacker had access to those directories, then you need to have a word with your host...   Those directories should never, ever, ever, be accessible from the web.   The other, possible injections...   Yes, the second two, especially the third file, are things that look out of place and should be killed with fire, Imo.
What else is I. The school directory?
If you got hacked, then the hacker probably did more than inject code... He probably dropped a payload directory or files buried in your directory structure.

2- migrations...
I have no idea what you mean by "there is a table prefix..."    Yes. All smf tables should have a prefix which was chosen when the system was initially set up. The upgrader knows what the prefix is, because the settings.pho file tells it... And it should be able to handle it.
Migration to another server has a separate faq entry in the wiki and is fairly straight forward, as long as you have the database and files backed up and then restored on the new server.

3- upgrade issues...   Have you successfully migrated already? Did you clear all of the hacked files and payloads?  If so, then dragooon's question is next. What version of php?

[Irisado]

Irisado,  I wish you had not done that, since the user seems to have distinct issues, although they may be related...    Now I am compketely list as to what has been addressed and what has now.

I remember all the separate posts, so I can put hr tags to divide the merged ones if that's of any use .

[tricities]

I have not migrated yet.  I was trying to with no success.  So I went back to where it is hosted already and upgraded but cannot get into the Admin area because it cannot find some theme even though only two themes are installed which came with the upgrade. 

http://www.ucfm2.com/pmb/phpinfo.php
(where the forum is right now sitting on an old unsupported server that hostforweb says cannot help me unless they change servers and restore backups but I'm afraid I don't have backups without trojans on them, so I think they're only interests is that this entire server was attacked because they said they were checking other accounts and I don't think they have any interest in fixing the forum but just reinstalling files that are obviously corrupted or eventually tell me "too bad, start from scratch")

http://www.ucfm.org/phpinfo.php
(where I want it to migrate but in sub domain of pmb.ucfm.org - if safe to do - but the directory structure they have set up is very strange.  I created a sub domain of pmb.ucfm.org and when I use Filezilla this is the structure that I see on the server:  ucfm.org/subdomains/pmb/httpdocs/pmb/) and here's what I have so far:  http://pmb.ucfm.org/pmb/   But I cannot import the database backup because when I edit the Settings.php file's  $db_prefix and save the file back to the server and then open that file the prefix of pmb_ for the tables is back to being empty again.  So I checked the permissions and they're all over the place and I change them and they won't change and just restore to whatever mychristianwebhost initially set them up as.  And if I were able to change the prefix below, how is that going to affect any links all across the board?

########## Database Info ##########
$db_server = 'xxxxx';
$db_name = 'xxxxxxxxxxxxx';
$db_user = 'xxxxxxxxxxxxx';
$db_passwd = 'xxxxxxxxxxxxx';
$db_prefix = '';
$db_persist = 0;
$db_error_send = 1;

So, since these two hosts and all other hosts I've ever dealt with do not compare to the fantastic, never a problem, great tech support service I've had with Godaddy for hundreds of my clients, I've used their installer to set up the forum on my server there.  So far I've only   
http://tricitieswebsolutions.com/UCFM/phpinfo.php (testing migration onto my Godaddy server)
But now I'm in a dilemma. The db_prefix there was smf_ so I changed it to pmb_ and plan on importing the database backup into it today.  But then everyone is saying "restore your backups".  Why would I restore backups that are now on my external hard drive that have trojans on them?  I ran Microsoft Security freebie package on my hard drive and it found nothing yet all the php files have hundreds of lines of coding before the <?php starts with its own and now you say it's probably even deeper than that.  And Fred has a massive amount of files that I don't know are working files and some that he's named KILL___ whatever that means, and database tables and databases that I have no idea if are connected at all with this forum or what to eventually restore to get any theme back or administrative area working on the old host or even the new ones if they also break.  It's a complete mess and I'm very frustrated and all I want to do is pay the $50 per year that gets me tech support to do this but find that I'm only going to be reading even more instructions for myself to do this, and I have other clients to be working on and I do this client for free.  Isn't there somebody that can fix all of this for me?

[tricities]

Oh.........just great!  http://www.simplemachines.org/community/index.php?topic=374178.0

No telling what bad backups I have.

I'm about to cry

[tricities]

Now I've run into another problem related to what I've said above.
On Godaddy server (above) I changed the setting.php table from smf_ to pmb_ on that line item since all the database tables that I'll import start with pmb_

I go to the forum at http://tricitieswebsolutions.com/UCFM/index.php?action=admin;area=packages;sa=browse;a9aca8ec92c0=4d6bb95153d904d6dac4d68f9493846a

and it says: PHP 5.5 compatibility issues and several other bugs have been fixed. You can install this patch (click here to install) to fix your forum and update it to 2.0.7.

So I click the link and it says: Table 'trixxxxxxxxxxx.pmb_settings' doesn't exist

This tells me that settings.php file, if changed to an addition or an edit of the database table prefix is simply going to break things.  So now I cannot migrate to a new server anyway.

[tricities]

So, I imported the sql backup and now have on Godaddy server both pmb_ prefix tables that I imported from backup, and smf_ prefix tables that Godaddy installed.  The settings.php file now says pmb_ for the prefix.  I go to the forum's link: http://tricitieswebsolutions.com/UCFM/ and the page that comes up says: Unknown column 'a.attachment_type' in 'field list'

So a third broken forum.

Does this ever end?

[tricities]

Now got this email :

There has been a problem with the database!

This is a notice email to let you know that SMF could not connect to the database, contact your host if this continues.

[tricities]

Clicking on any table in the database gets me this problem: http://stackoverflow.com/questions/26242624/phpmyadmin-no-activity-within-1800-seconds-please-log-in-again-error

But I have no config file to edit, so cannot fix this issue.

Surely there is someone who can take the forum and move it somewhere else and restore it without the trojan.

Anyone?

[tricities]

There is no "Migration WIKI"


Applications-system-3.png Installing SMF

    Introduction to installing
    Installing
    Requirements and recommendations
    Converting
    Upgrading
    Patching



where?

[Arantor]

I assume Kindred meant: How do I move my SMF forum to a different host?

[tricities]

    Step 1 - Move the public html files of the forum (these are the files in your forum install directory). Usually, the best way to do this will be to download the files to your pc, and then upload them again on the new host. Some hosts have a "transfer service" which will log into your old host via FTP, grab all the files, and copy them to your new host. If your host has this feature, it is up to you to make certain that all of the files were successfully transferred.


This is the suggestion when I have trojan corrupted files?

I don't think so!

[Arantor]

That's the migration wiki, it doesn't cover dealing with hacked files.

The course of action for infected files would be 'clean set of files' and/or retaining someone competent to deal with it. I'm sufficiently competent but I doubt you'd want to pay my rates (which start at $200 for a malware clean up and go up sharply)