Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By qolspony on
Just recently, someone installed a malicious code at index.php, as a result, the site went down. I attempted to find a duplicate copy of this file so I don't have to reinstall a new copy. This brings up several questions.
1) does an original file exist and where can I search for it. It must be for version 6.1 (or does it manner)?
2) if it doesn't, would reinstalling drupal 6.1 and dragging the other files (module, themes, images, etc) work without any problems?
Index.php was set to permission 644. I don't know how the code could have been manipulated.
Anyway, if there is a quick solution to fixing this problem, please let me know. Avoiding any chance of reinstalling Drupal would be most preferable
sigh....
Comments
It is easy to get index.php
It is easy to get index.php from the Drupal 6.1 package (http://drupal.org/node/227618) and upload it.
But it would be better to upgrade to 6.8, which is more secure, by setting the site to off-line, overwriting all the old Drupal files, and running update.php.
You must also try to find the security vulnerability and prevent it from happening again. Maybe your host can find from the logs when, by whom, and by what means the file was modified. You should also change your Drupal admin password, your database password, your server account password, and check for any dangerous Drupal permissions to Drupal users (for example, permission to post unfiltered HTML or even worse, PHP code).
Permissions 644 for files are OK.
Problem Fixed!
Cog.rusty,
You have been much help in assisting me with my problem and within a five minutes of reading your reply, the problem was fixed (I simply copied the original code into the index.php and saved it). Thank you. The next step is to upgrade to 6.8, but first I will save all files just in case I have to go back (or anything goes wrong with the upgrade process). After this has been accomplished, I hope everything works properly as I will be tempted to downgrade if it doesn't. Lets hope that doesn't happen as it seem to be real easy for someone to manipulate the code controlling the website.
All in all, I'm happy to see my site back up after it being down for two weeks. And will follow your suggestion on modifying all passwords and user names reflecting the overall security of the website/server.
Chris
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
Community at 24/7
This is nice with this community, lots of knowledgeable people are ready to help us! :)
www.oozman.com
Upgrade Problems
I recently upgraded from 6.1 to 6.8 and I had nothing but problems. As instructed, I deleted the files associated with 6.1 and uploaded the files for 6.8. I could not remove the "sites" directory for some reason (resetting the permissions did not resolve this problem).
Although I was able to access the home page I could not access "user" or "update.php".
Hopefully in the future there is a more streamline approach to upgrading. But now I don't know what to do but to reinstall 6.1.
I have followed the instructions and somehow I keep hitting a brick wall. Maybe someone can guide me in an appropriate direction.
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
=-=
you have to set the permissions on the sites folder and files contained in it to 777 or 755 to remove them. You may have to do this through your host panel as they are protected after installation.
I don't believe you need to do remove that folder and those files going from 6.1 - 6.8 as settings.php may not have changed. You can do a simple diff on it and see if there have been any changes.
File sizes
Is it normal for file sizes to change once they are uploaded on the server? If this is true, than I don't need to go back and check to see if the "entire" file copied correctly. Did you ever have this problem and what is your recommendation? This is odd, since, I'm not doing anything unusual.
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
=-=
it is not unheard of that during an upload a file could become corrupted in some way.
Database error
First, I want to thank all the people who have been patient enough to help me get through this upgrade. Upgrades aren't particularly my favorite thing to do and often times I left the site untouch for about a year. But now I'm so close, but everything seems to not be working in my favor.
Anyway...
I can't seem to get beyond this point unless I want to do a new install (install.php).
This is the error that I'm receiving:
Site off-line
The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.
--------------------------------------------------------------------------------
If you are the maintainer of this site, please check your database settings in the settings.php file and ensure that your hosting provider's database server is running. For more help, see the handbook, or contact your hosting provider.
The mysqli error was: Unable to use the MySQLi database because the MySQLi extension for PHP is not installed. Check your
php.inito see how you can enable it.."I have contacted my hosting provider to see if they can help me with this situation. This happened after they moved me to a new server, but maybe I can correct this situation with a little assistance.
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
=-=
open settings.php
find the line for $db_url
does it have mysqli ? in it? if so, change to mysql and try again.
I encountered this problem
I encountered this problem once, when I switched a site from PHP5 to PHP4 for some reason (by removing a line from my .htaccess file).
It seems that PHP4 on that server did not support "mysqli" but only "mysql" connections. The solution was what VM suggested. (Or, of course, I could have switched back to PHP5.)
It worked
Thanks VeryMisunderstood. It worked.
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
Update.php
I'm now at the update.php stage and I received the error below. This is probably the final step before I put the site back on line. I do appreciate your help in this situation as I have almost completed the final upgrade.
warning: array_pop() [function.array-pop]: The argument should be an array in /home/blackcon/public_html/update.php on line 315.
The update process was aborted prematurely while running update # in .module. All errors have been logged.
---------------------------------------------------------------------------
This is a follow up to the above message. When I tried to update the site again, I'm automatically sent to the site-offline screen.
When I tried to login, I'm sent back to the site offline page.
When I go to user, I'm sent back to the site- offline page.
When I go to ?q=user, I get this error >> Fatal error: Call to undefined function user_uid_optional_to_arg() in /home/blackcon/public_html/includes/menu.inc on line 599
When I go to update.php, I go to the correct page, but the after preceeding to the next page, I'm bounced back to the same page.
When I attempted to go the mantenience page, I'm sent to the site-offlinepage...
I'm the owner of 4 domain names. They are concentrated in the areas of cultural news, adult entertainment, travel and an online community. We also moderate various forums that are geared to the above focus.
Check if the following 5
Check if the following 5 required modules are all at the right place under /modules, with all their files correctly uploaded, and they haven't been moved:
modules/system
modules/node
modules/user
modules/filter
modules/block
Check the database, in the "system" table, to see whether
- those 5 modules are all enabled (status=1)
- they have the correct path (modules/module-name).
Then run update.php again and see if it still gives you errors. Then try to login using ?q=user