XF 2.1 HALP!

mishster

Member
I woke up this morning to this:

Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /nfs/c11/h02/mnt/205166/domains/forum.bipolarlife.org.au/html/src/XF/Util/Arr.php on line 3

I can't log in to the admin panel either.

Can anyone help?
 

RallyFan

Active member

LINE 1 <?php
LINE 2
LINE 3 namespace XF\Util;
LINE 4
LINE 5 /**
LINE 6 * Basic array utility functions. These replace or extend primitive-level functions
LINE 7 * and thus can be called statically.
LINE 8 */


and the error "Namespace declaration statement has to be the very first statement or after any declare call in the script"

mishter, what that is saying is that line "namespace XF\Util;" either has something before it, or has to be after "any declare call".

If nothing has changed that file that you are aware of, it may point towards:
a) some intrusion on your backend (aka sql injection/breach).
b) an addon/update recently installed/updated which has changed that file.
c) file corruption.

Have a look on your forum at a file level in the directory: /html/src/XF/Util and view the file Arr.php.

That should give you a picture what is going on.

The following file has a space as the first character.

src/XF/Util/Arr.php

Edit the file and remove the space.

Or you can re-upload the file.
The million dollar question that mishter needs to investigate is WHY that file has changed, if nothing has been touched in the background.
 

mishster

Member
The million dollar question that mishter needs to investigate is WHY that file has changed, if nothing has been touched in the background.

@AndyB to the rescue. I can't thank Andy enoughfor his help. Andy was able to determine that I had been hacked and was able to help me restore several files and delete others. Now I'm on a mission to shore up both the XenForo installation and the Wordpress installation as best as humanly possible to hopefully avoid further attacks.
 

RallyFan

Active member
@mishster eugh sorry to hear that. I suspected that might have been the case given that file shouldn't really ever be changed.

If you need some help on Wordpress hardening and .htaccess lockdowns shoot me a PM as it's something I'm actually pretty comfortable/familiar with.

There's some pretty cool stuff you can do with a WP and Xen combination to keep prying eyes away (including honeypots as well), as anything Wordpress will generally cover your Xenforo installation as well.
 
Top