Dizkus

Dear,

Since last week I experienced a lot of troubles with my PN website, mostly with the forum.
I tried a number of things to solve them, but none of it worked untill now.

Here is a recapitulation of my problems:

It all started by clearing a module and its files to get some more free webspace.
I had PostCalendar installed. Therefore, v4blib was needed. I removed PostCalendar as well as v4blib, and made an upgrade from 0.762 to 0.764 (I had to do this because v4blib had replaced some of the core files and without the directory my site was unable to run).

After this upgrade I've experienced troubles with my forum which are now still unresolved.

1) When I'm not logged in and I try to reach the forums, this error is shown:



2) When I log in (as administrator), I manage to see my (sub)forums.
Still, when I try to open a topic, I get the error that (or something similar, I'm using a Dutch PN version).
When I try to reach the adminpanel of the forum, I get the following error: (but first, a bunch of vertical lines appear and my browser slows down).

When trying to open private messages or the user list, I get (respectively) these errors:

As a last problem, when I try to open the photosection of my site, I get the error that my database is empty. (I didn't change a thing here...)

Since then, visitors say that they get a Trojan warning when opening my site. I visit the site everyday and have a good scanner, but have never gotten the error.


I asked help on the Duth PN Community, but they couldn't help me further. The site of www.pnphpbb.com is now already down for more than a week. I'm hoping that there's someone here who could help me.

I'm the webmaster of the site of a youth movement and unfortunately I don't know very much about MYSQL and PHP... I'm just hoping that these problems can be solved without losing all my data.

I also got some pnSecurityAlerts, all caused by my account. But I don't know whether they are the result of something I did wrong or the result of a hack.

Some extra information:

www.chirowoluwe.be WATCH OUT, APPARENTLY MY SITE COULD BE CONTAINING AN UNWANTED TROJAN. I WOULDN'T LIKE TO HARM ANYONE'S COMPUTER.

Apache version 1.3.37 (Unix)
PHP version 4.4.6
MySQL version 4.1.22-standard
Architecture i686

If you need any more information to help me solve this issue, I will post it as soon as I can.

I truly hope that someone can help me out.

Kind regards,

Dwarf.

http://community.postnuke.com/module-Forum-viewtopic-topic-54146-highlight-hacked.htm


--
David Pahl
Zikula Support Team

Thank you for your reply.

I already found those topics but I wasn't sure whether they were talking about the same problem as I have (apparently this is the case).

This is going to sound very stupid, but I can't manage to use phpsecinfo like I'm told.
When I open the link in my browser, I get a 404 error. I'm absolutely sure that I have the correct URL and directory. Really don't know what I'm doing wrong :(

Edit: fixed the problem, something fishy was going on with my directories (or maybe I'm just stupid ;))
Anyway, I see the security information now, but as a complete PHP / MYSQL noob I'm afraid I won't be able to solve them...
When I fix all these warnings, are there other steps to complete, or should my database be running again? (I'm afraid it will not be that simple...)



edited by: Dwarf., Feb 29, 2008 - 10:39 PM

For those using PNphpBB yet not requiring some of the extra phpbb features, I'd recommend moving to pnForum. It's clean, well-maintained, and has many fewer updates to maintain its security. While the latest PNphpBB tries to be secure, many are not aware and do not patch when updates come out. If you'd like a more maintenance free site, use pnForum.

PNphpBB is a great forum, but if you do not apply patches as they come out and maintain it well, you run the risk of having your site affected.

IMO

Thanks for the advice, I will certainly look into it.
Is it possible to change from PNphpBB to pnForum without losing all the data (topics, registered users, etc...)?

Most of the problems generated in phpsecinfo have to be solved by making changes in the php.ini file.

Can someone explain this noob where to find this file and how to make the changes?

Kind regards and my apologies for the dumb questions and the wasting of your time...


Dwarf.

The php.ini file?

create a phpinfo file it will tell you where the file is located. I can speculate, of course but I do not actually know anyhing about your server

--
David Pahl
Zikula Support Team

I've located the php.ini file through the phpinfo, but I cannot seem to access the folder.

Should I be able to do this or is this something to be requested from my host?

You may be able to create an .htaccess file or a directory level php.ini file, or control these things by a control panel interface, but this is only speculation of your server.. If you are unsure about these things, it is probably best to consult with your host, as host configurations vary considerably.

--
David Pahl
Zikula Support Team

While I love and use both forum projects, I really do not understand this advice. Both forum modules need attention and updates in order to stay secure, pnForum is in no way different to PNphpBB2 in this regard.

Let me add, with a stoneage server setup like the one mentioned above (Apache version 1.3.37, PHP version 4.4.6,
MySQL version 4.1.22-standard) I would definitely look out for security problems first there, before talking about possible security issues in PostNuke or it's 3rd party modules.

Greetings,
Chris



edited by: slam, Mar 02, 2008 - 02:41 PM

--
development is life. code.zikula.org
an operating system must operate. sidux.com

Dito. I never understood why people accept their webservers to be outdated while they insist to always use the newest, groovy software on them

Make you providers update your servers! They won't do it if you don't ask them. But there is no use in hoping for web-applications to be secure on a server with for years know security issues.

--
best regards from Kiel, sailing city

Steffen Voss

Member of the PostNuke Steering Committee
Read The Zikulan's Blog

The problem is that this website isn't just mine.
It's the website from a youth movement of which I'm a part.

I only became "webmaster" as of this year, but I don't really know very much about coding etc. The site was build and started by people who know a lot more about this then I do. I already contacted those persons, but didn't receive any feedback yet.

I just know my way around in the CMS of PostNuke, that's all. Unfortunately all these problems are arising now.
I didn't really realise that the servers we're running on are outdated. And is it that easy to ask/demand from our host to make those updates?

Once again I would like to apologise, I'm a big newbie in all of this and all of my questions and remarks are probably basic knowledge for you guys... But everytime something goes wrong, I learn something new when someone can help me solve the problem !
Yet again, thanks for all the advice and help. I will try to contact my host and see what they have to say.

But a very important question (at least, for me): if I'm able to make the changes to the php.ini file as described by phpsecinfo, will my problems be gone, or is there still a lot more to do to solve this? Like I said before, I'm afraid it won't be that easy :(

If there is a budget to pay for professional help, please feel free to ask for it here. I would probably be one of the first persons jumping in - together with others over here.

That said, PostNuke is a common web server based application, relying on a serious web server. If your provider does not provide such, it's time for a change.

Greetings,
Chris

--
development is life. code.zikula.org
an operating system must operate. sidux.com

Slam,

My post was just to point out that pnForum had not needed as many updates purely for security. PNphpBB has had many more. A casual admin may not always be aware of updates or security needs for PNphpBB.

I did not intend to mean that one or the other do not need attention or that pnForum is bug free or totally secure. In my personal experience, many more people have trouble with PNphpBB than pnForum (perhaps due to its wider install base and exploits targeted at phpbb in general).

NCM

Is it possible to get rid of PNphpBB and change to pnForum and in the meanwhile transferring users/topics to the new forum?