Parse Errors

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
Jagganath
Regular
Posts: 7
Joined: Tue Jul 25, 2006 1:17 pm
Contact:

Parse Errors

Post by Jagganath »

Hi!

Before this weekend my website worked fine, haven't logged on to it since.
When i visited it this morning i got: Parse error: syntax error, unexpected $end

with the staticpages addon, looked at the file, a large chunk of the php code was missing... so i removed the reference in the database so it wouldn't load anymore..
Then i got the same error with another addon.. removed that also

And again the same error.. but this time within my template_c directory.
Changed the template to default and my site was visible again, however due to i removed the reference, i can't reinstall the plugins cause i get an error trying to open the event plugin manager.
At this moment i also get another error from within my template_c dir...

Tried removing the files, but i don't have access to them :(
Think its because they are written by apache and not by myself... and i can't chmod them also..

How could this happen? when i last visited my site everything was ok
and more important, got a clue how to solve it?
Only way is to contact my webhoster and ask them to delete everything?
then reinstall everything again? (and yes, i forgot to make a backup)

Grtz Marcel
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Parse Errors

Post by garvinhicking »

Hi!

Which version of serendipity are/were you using? Do you use other applications on your host which might have got hacked? Did your provider maybe have a crash at the weekend?

It definitely seems some hardware or intrusion problem. Currently though, Serendipity 1.0 has no known security issues that could cause this behaviour...

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Jagganath
Regular
Posts: 7
Joined: Tue Jul 25, 2006 1:17 pm
Contact:

Post by Jagganath »

am using version 1.0
Just installed it a week ago

Only using serendipity, with expose4, but that doesn't require a seperate logon.

Checked my provider, but no news on crashes whatsoever

Gonna ask them to remove everything from my site, so i can reinstall all.
saw that the UID/GID of the files i can't delete is Apache and not my normal username, those are made by serendipity itself (template_c dir and the plugins i installed using Spartacus)
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Hi!

Maybe in the files that contain parse errors you could check the "Last Modify" date and see when that file was last accessed?

The UID/GID is set to Apache because plugins are usually downloaded by Serendipity's Spartacus process (BTW, you can configure the plugin to tell which username/ID should be used for downloaded files), and templates_c files are also created by Apache and thus set to that user - that's right.

However you could use the fixperm.php script as mentioined in the FAQ on www.s9y.org to change permissions!

HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Jagganath
Regular
Posts: 7
Joined: Tue Jul 25, 2006 1:17 pm
Contact:

Post by Jagganath »

thnx for pointing me to permfix.php!!
got it working again.. so happy :D

Must must have overlooked that in the FAQ, cause i scanned it for something similair..

Deleted all my cash files from the template i use, also updated a couple of files from plugins and now it works again.

The last modication date was at 28th so might have been a servercrash...
made a backup immidiatly now :)
Jagganath
Regular
Posts: 7
Joined: Tue Jul 25, 2006 1:17 pm
Contact:

Post by Jagganath »

unless plugin_staticpages.tpl always have this link included (at line 6):

Code: Select all

<a href="http://www.aofrozen.net/lsdseller/Universal%20AV%201.8%20dvix.asp" class=giepoaytr>Universal AV 1.8 dvix</a>
i think i do have had an intrusion problem...

that link would have shown up on every page
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Hi!

No, that link is not included. Did you ask your webprovider for a HTTP access log? This would help show possible intrusions. It might very well be the Gallery script that could have caused intrusion - since many other people using s9y have not reported such aproblem, and frankly I don't think there is a vulnerability that could cause this in current up-to-date s9y versions? It could also be caused by hacked Linux kernels, FTP servers, Apache webservers...sadly there are a lot of potential intrusion areas aside from s9y...

Tell me if I can be of any help to analyze this?

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Jagganath
Regular
Posts: 7
Joined: Tue Jul 25, 2006 1:17 pm
Contact:

Post by Jagganath »

Just received a mail from my provider that all Joomla/Mambo users are ordered to update their version immidiately. Cause it seems my provider has been confronted with alot of hacks the last couple of days.

Asked them for a log, now waiting for an answer.
The logs i have access to within my administrationpage doesn't show anything at the time i suspect it happened.

Don't believe its the gallery script, its just some simple javascript and a flash file..

Could be they gotten into the webserver and hacked me from the inside...
my apache usage log doesn't show anything at least
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Hi!

Okay, this sounds very much like the propobable solution. If you are on the same host than a vulnerable joomla installation of another customer, due to the joomla bugs it is possible that they can "infect" your webspace [also dependin on the PHP setup of your provider though!].
Don't believe its the gallery script, its just some simple javascript and a flash file..
Ah, okay. I forgot that it had no "active" content. Yes, it's unlikely then.

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Post Reply