Server error, please try again later

[Divinum Fiat]

Hi all,

For some unexplainable reason I got logged out of my forum and when I try logging back in I get the message "server error, please try again later."

The page is frozen at that error page and no matter what tabs I click, I can't move away from the error page.

Does anyone have an idea of what this could be related to (my other domains, that share the same server, are up and running fine)?

 

[Divinum Fiat]

upload your add-on via filezilla and then try to install your xml file in the "add-on" part of the XF admin panel.

 

[Chris D]

All my add-on tries to do, database-wise is create a table. Nothing out of the ordinary.

Here's the code for anyone who's interested:

<?php
 
class RegFormTimer_Install
{   
    /*
    * Installer for Reg Form Timer add-on.
    */
    public static function installer()
    {           
        $db = XenForo_Application::get('db');
 
        $db->query("
                CREATE TABLE IF NOT EXISTS `xf_reg_form_timer_log` (
              `log_id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`username` VARCHAR(255) DEFAULT NULL ,
`email` VARCHAR(255) DEFAULT NULL ,
`time` INT(10) UNSIGNED DEFAULT NULL ,
`ip` VARCHAR(255) DEFAULT NULL ,
`time_taken` INT(10) UNSIGNED DEFAULT NULL ,
PRIMARY KEY (`log_id`)
                ) ENGINE = InnoDB DEFAULT CHARSET = utf8");
}
 
    /*
    * Uninstaller for Reg Form Timer add-on.
    */
    public static function uninstaller()
    {
        $db = XenForo_Application::get('db');
   
        $db->query("DROP TABLE IF EXISTS `xf_reg_form_timer_log`");
    }   
}

EDIT: I see this error when I go to your install page, now:

Server Error

Access denied for user 'corefree_xenforo'@'localhost' to database 'corefree_xenforo'

1. Zend_Db_Adapter_Mysqli->_connect() in Zend/Db/Adapter/Abstract.php at line 315
2. Zend_Db_Adapter_Abstract->getConnection() in XenForo/Application.php at line 553
3. XenForo_Application->loadDb()
4. call_user_func_array() in XenForo/Application.php at line 780
5. XenForo_Application->lazyLoad() in XenForo/Application.php at line 810
6. XenForo_Application::get() in XenForo/Application.php at line 1099
7. XenForo_Application::getDb() in XenForo/Session.php at line 166
8. XenForo_Session->__construct() in XenForo/Install/Controller/Upgrade.php at line 43
9. XenForo_Install_Controller_Upgrade->_setupSession() in XenForo/Controller.php at line 298
10. XenForo_Controller->preDispatch() in XenForo/FrontController.php at line 309
11. XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
12. XenForo_FrontController->run() in /home/corefree/public_html/install/index.php at line 18

That sounds like your database user isn't there any more or the password has been changed. I think you need to call your hosts, again.

 

[Divinum Fiat]

I'm sure it wasn't your add-on since it's not even installed yet. The files are there somehow but I can't find them in the admin panel.

Am on hold with Hostgator now.

What the hell is going on? Why or how can this even happen?

 

[Chris D]

Did you see my post regarding the database error I found on your install page?

A few things need to be checked:

What is the correct database name.
What is the correct database username.
What is the correct database password.
Has anyone changed any of these.

Are the same settings in your config.php file (public_html, library, config.php).

Because basically that error is suggesting that either your config file is wrong (why would it be), your database name has changed, database username has changed or database password has changed.

 

[Divinum Fiat]

Yes, I saw the 'Chinese' and am trying to explain it in English to this guy on Hostgator. Then he started to speak 'Japanese' to me explaining some things but we're just not speaking the same language. urgh. He's doing some checking now.

 

[Divinum Fiat]

Update: Site is restored. Like Chris said, Hostgator said that the database login/password was not the same. I gave him the cpanel info that I had and he restored it, then we changed the password completely. He did say that a software or an add-on could have made this change but it is not likely. It looks more like someone manually entered the site and made some changes. I asked him where they would make the changes in the first place and felt like I needed an Aspirin, gee, I have no clue what he is talking about as I've never visited that part of my cpanel before.

I asked him if it was possible to get IP addresses for any logins and he's generating that now. Will see what I get and post it here, provided it's relevant.

 

[Chris D]

Yeah, this is totally related to those user fields disappearing from the database.

There is someone who clearly doesn't like your site very much

What passwords has he changed for you? Just the database password? Or cPanel as well?

I think literally every single password you have needs to be changed. FTP, cPanel, MySQL, your Admin CP... there's something really not right.

Oh, and yeah, it seems as though you are pretty much still at risk as you are running 1.1.2 still and not 1.1.3. I still stand by that could be their way in. You need to get that fixed however you can. Even if it means asking one of us fine fellows to do it for you

(Though that would mean giving us your passwords for some things so not ideal under the circumstances!!!)

 

[borbole]

I agree, whatever they find in their access logs it will be of a great importance as it may contain important info of how your db was compromised.

You should also upgrade your forum a.s.a.p as well and do regular backups of your db.

 

[borbole]

Yes, I saw the 'Chinese' and am trying to explain it in English to this guy on Hostgator. Then he started to speak 'Japanese' to me explaining some things but we're just not speaking the same language. urgh. He's doing some checking now.

That post cracked me up btw

 

[cclaerhout]

Are you the only administrator on your site? If no, other admin password must be changed too.
If your host allows ssh connexion, you should also check this tutorial. If it doesn't, never save a password in your ftp client. Stock in a secure place and use a random password of at least 9 characters.

 

[Divinum Fiat]

No kidding, Borbole! After this I need a shot of something so strong, I'm afraid they haven't even discovered it yet! I am of the firm belief that parenting and romantic relationships as a piece of cake compared to technology! Then again, being a technical genius is no assurance for great relationships or great parenting skill. Okay, my head is screwed on right after all.

Here is what Hostgator found:

Here is the list of IP addresses accessing your cpanel from Sunday to Tuesday.
Sat Dec 8 09:26:46 2012 77.247.181.164 corefree Cpanel: Successful Login
Sat Dec 8 09:27:57 2012 77.247.181.164 corefree Cpanel: Successful Login
Sun Dec 9 09:33:46 2012 216.110.94.228 root Cpanel: Successful Login (this is Hostgator)
Tue Dec 11 09:20:16 2012 96.44.189.102 corefree Cpanel: Successful Login

I have removed mine, which showed up twice.


Here is the research I did on the IP addresses:


IP: 77.247.181.164
Decimal: 1308079524
Hostname: rainbowwarrior.torservers.net
ISP: NForce Entertainment B.V.
Organization: NForce Entertainment B.V.
Services: Confirmed proxy server
Recently reported forum spam source. (43)

IP: 216.110.94.228
Decimal: 3631111908
Hostname: 216-110-94-228.static.twtelecom.net
ISP: tw telecom holdings
Organization: HostGator.com
Services: Suspected network sharing device

IP: 96.44.189.102
Decimal: 1613544806
Hostname: herngaard.torservers.net
ISP: OC3 Networks & Web Solutions, LLC
Organization: torservers.net
Services:
Confirmed proxy server
Recently reported forum spam source. (77)



Here is the kicker. I thought just for the heck of it to check my personal login. I have the admin login but rarely post as the admin in the forum. I use my own profile to post and interact with people. When I checked my IP addresses, I saw over 50 different IP addresses from which I have supposedly logged in today alone!!!I would be happy to list them here if it's appropriate (it may make the post a bit long).

Remember how I mentioned earlier that I have hundreds of attempts from spammers? Is it possible for a software to do this?

Yes, password of the Cpanel and my personal password has been changed.

 

[borbole]

Looking at the first and last IP that you posted they look to be from proxies whereas the second one belongs to Hostgator.

Did your host tell you what action those ip's did at your cpanel? Or at the db or anywhere else for that matter?

Regarding your admin account, it looks like it has been hijacked. I would also do another thorough check up of everything if I were you. In the light of the recent events that would be very necessary imho.

 

[cclaerhout]

... and do a file check of XenForo core files.
link:

{yourforum}/admin.php?tools/file-check

If you use addons, download them again and replace their files.
If you use other script than XenForo, be sure of the integrity of the files.

 

[Divinum Fiat]

Did your host tell you what action those ip's did at your cpanel? Or at the db or anywhere else for that matter?

Regarding your admin account, it looks like it has been hijacked. I would also do another thorough check up of everything if I were you. In the light of the recent events that would be very necessary imho.

Borbole, no, Hostgator didn't tell me more other than those IPs logged in. Not sure what exactly I need to do regarding the admin. Are you talking about the cpanel admin or the XF admin?

I just checked some of the IPs on my personal login for today. I have logged in only once and my IP shows up once. But meanwhile there are over 100 IPs showing in my personal account for today alone! One for just about every 15 minutes. Here is a screenshot of just the first few. I checked them individually and banned the IPs, they're all either out of Russia, China, Amman or other non U.S. countries. This is happening so fast that I am almost certain an automated software is doing this.

I'm asking for help on how to fix this once and for all. I have uploaded XF 1.1.3 but the activation instructions in their folder is useless (to me). I added the extracted XF folder into the public_html folder via Filezilla. What do I do after that?

 

[borbole]

You should overwrite your current forum files, not simply upload it somewhere in your server space. And be on the look out for any backdoor/shell scripts and the like.

 

[cclaerhout]

Could you give us the list of XenForo addons you have installed on your system please?

 

[Divinum Fiat]

Could you give us the list of XenForo addons you have installed on your system please?

Here is a screenshot of what's current installed and active. They haven't been like this for many months, and I have made no changes here.

 

[borbole]

As far as I know there are no security issues with any of those mods.

 

[Chris D]

Blueprint4Love

One alternative to handing out passwords to one of us to help you and do this for you, is we use some remote assistance software to remotely control your actual PC. We can then physically show you how to upload the XF files.

If you want me to help, just send me a PM. I use a program called TeamViewer. All you'd need to do is download a small application and generate a code which would give me one time access to your PC.

 

[Divinum Fiat]

I would love that! Thank you.