lanfear
10-23-2006, 09:13 AM
First off, I am a newb at this, but we all have to learn somewhere right?
My site is a forum:
IPB Version v2.1.7
SQL Version MYSQL (4.1.21-standard-log)
PHP Version 4.4.4 (cgi)
Yesterday we started encountering an error when a user clicks "view new posts" or "get active topics" and the screen shows blank instead of loading results. Same thing when one tries to directly click on the icon that represents a new post (the end of the url says view=getnewpost on all areas showing errors). No 404 or other error is reported, just an empty page. In addition, the following error report comes up when one tries to edit a post:
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1246 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1247 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1248 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1249 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1250 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 600 of /sources/action_public/xmlout.php)
*note: "domain"=my site name
But the edit is still allowed and posted normally; this message appears above the box where text is entered.
My normal web guru and the one who created the site is currently out of reach, so I am trying to take a crash course in PHP and SQL, but there is a lot to learn lol. If someone could give me a place to start looking, and what I am looking for. Please note, this is a possible hack attempt using SQL injection to exploit an IPB vulnerability, but I am unsure of that at this point. There were a number of accesses to the site in our stats using proxies at around the same time that did not exhibit the normal user pattern (i.e. no accessing of board index, or viewing of any topics). If this is the case, what should I be looking for to fix.
The only change I made during the same time frame was to add a meta tag to the index.php file to facilitate Google indexing. When the error was noticed, I restored the original index.php file to the correct directory (public_html) and the error remained.
I realize this problem is possibly complex. I have tried to give a complete picture here as I know it is maddening when people post questions then provide no information to help resolve. I am not asking anyone to fix it for me, I know I will have to dig in and do a little learning on my own. I am just wondering if someone can link me to resources or provide an idea of where to start...
Thanks so much in advance for any help you may have to offer :D
edit: I have isolated the appropriate sections pointed to in above error message, the code there reads as follows:
    require_once( ROOT_PATH.'sources/action_public/search.php' );
    $this->search = new search();
    $this->search->ipsclass =& $this->ipsclass;
    //-----------------------------------------
    // Do we have any forums to search in?
    //-----------------------------------------
    $this->ipsclass->input['forums'] = 'all';
    $this->ipsclass->input['CODE'] = 'getnew';
    $forums = $this->search->get_searchable_forums();
    if ( $forums == "" )
    {
        return $this->error_handler();
    }
and...
    if ( ( $topic['state'] != 'open' ) and ( ! $this->ipsclass->member['g_is_supmod'] ) )
    {
        if ( $this->ipsclass->member['g_post_closed'] != 1 )
        {
            @header( "Content-type: text/plain" );
            $this->print_nocache_headers();
            print 'nopermission';
            exit();
        }
    }
    if ( $this->ipsclass->check_perms( $this->ipsclass->forums->forum_by_id[ $fid ]['reply_perms'] ) == FALSE )
    {
        @header( "Content-type: text/plain" );
        $this->print_nocache_headers();
        print 'nopermission';
        exit();
    }
    if ( $this->ipsclass->forums->forum_by_id[ $fid ]['status'] == 0 )
    {
        @header( "Content-type: text/plain" );
        $this->print_nocache_headers();
        print 'nopermission';
        exit();
    }
thought this may help, apologies for long post...
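A check for the condition the warnings above name, added here as an example and not part of the original post or of IPB: it pulls the "output started at" file and line out of the warnings, then lists every chunk of a PHP file that sits outside the PHP tags and is therefore echoed before any header() call can run. The function names and the sample index.php content are constructed for illustration; the two warning lines are copied from the post.

```python
import re

# "output started at FILE:LINE" is where PHP first sent body bytes.
STARTED_RE = re.compile(r"output started at ([^:()]+):(\d+)\)")

def output_sources(log_text):
    """Distinct (file, line) pairs named by 'headers already sent' warnings."""
    pairs = []
    for path, line in STARTED_RE.findall(log_text):
        if (path, int(line)) not in pairs:
            pairs.append((path, int(line)))
    return pairs

def outside_php(src):
    """Return (line, bytes) for every chunk PHP would echo verbatim.
    Simplification: '?>' inside a string or /* */ comment is not recognised."""
    chunks, pos = [], 0
    while pos < len(src):
        open_at = src.find(b"<?", pos)
        raw = src[pos:] if open_at == -1 else src[pos:open_at]
        if raw:
            chunks.append((src.count(b"\n", 0, pos) + 1, raw))
        if open_at == -1:
            break
        close_at = src.find(b"?>", open_at)
        if close_at == -1:
            break  # file ends inside PHP code, nothing more is echoed
        pos = close_at + 2
        # PHP swallows one newline directly after the closing tag
        if src.startswith(b"\r\n", pos):
            pos += 2
        elif src.startswith(b"\n", pos):
            pos += 1
    return chunks

# Two of the warnings quoted in the post.
WARNINGS = """
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 1246 of /sources/action_public/xmlout.php)
IPB WARNING [2] Cannot modify header information - headers already sent by (output started at /home/domain/public_html/index.php:2) (Line: 600 of /sources/action_public/xmlout.php)
"""

# Constructed stand-in for index.php (not the poster's file): a tag pasted
# between two PHP blocks, so raw HTML is echoed starting on line 2.
SAMPLE_INDEX = b'<?php /* header */ ?>\n<meta name="verify" content="x">\n<?php\n$x = 1;\n'

if __name__ == "__main__":
    for path, line in output_sources(WARNINGS):
        print("PHP reports output from", path, "line", line)
    for line, raw in outside_php(SAMPLE_INDEX):
        print("line", line, "echoes", raw[:60])
```

Running outside_php over the bytes of the live index.php and of a known-good copy from the original IPB package shows whether anything outside the PHP tags was added, including a UTF-8 byte-order mark left by an editor.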