Server error, please try again later

Divinum Fiat

Well-known member
Hi all,

For some unexplainable reason I got logged out of my forum and when I try logging back in I get the message "server error, please try again later."

The page is frozen at that error page and no matter what tabs I click, I can't move away from the error page.

Does anyone have an idea of what this could be related to (my other domains, that share the same server, are up and running fine)?
 
Is it worth maybe clearing the sessions table? In case previous cookies/sessions are still in use for the main account on the other people's machines? That could maybe explain how they're still able to post with the account after the password change?

Or does a password reset clear all previously cached sessions?
 
I'm not sure what 'clearing sessions table' or 'password reset' means. I just went into my profile to choose a new password. And I made it looong and complicated, even I couldn't remember it. Just to clarify though, no one is posting anything in the forum. That's what's so strange. So if they have access through my account, why won't they post anything? There are so many IPs logging in but with no one posting, it really looks like a computer is doing this, I just can't figure out how.
 
To recap, you had missing columns in the database and unrecognized IPs showing for your account. Any other symptoms? This is a long thread and I want to make sure I have everything. It is certainly possible your forum was compromised, but I want to be sure what the problems are before I go looking for hackers.
 
There was a day or two when anyone was able to go to the main site. There were some error messages about columns missing and then on Monday there was another error with a white page saying that the site couldn't be accessed. Hostgator did a full backup restore and they confirmed that the servers have not been compromised. The most unusual thing is the excessive number of spammers that are on the site. Although Chris' add-on has caught over 660 spammers in the last 3 days, some are still coming through. When I left the "manual approval" unchecked yesterday, a few came through but all they're leaving is a few unrecognizable letters, a line at the most, no urls. Title doesn't make sense either, just a bunch of letters. What's strange is when I asked HostGator to give me the IP addresses for unauthorized logins to the server they came up with 3 for just Sunday (which is when the site was down). We changed the passwords on the server and the password for my personal member login. It helped for about a day. Then it started again. The number of IP addresses in my personal account far outweigh the number who logged in to the server.

Does this help?
 
Hostgator did a full backup restore and they confirmed that the servers have not been compromised...

...What's strange is when I asked HostGator to give me the IP addresses for unauthorized logins to the server they came up with 3 for just Sunday (which is when the site was down).

So the server was compromised? We need to be sure about this. Because if your server was compromised then all other bets are off. That would give them full access to everything.
 
I'm not sure if the server was compromised. That's not what Hostgator said, I understood that from the posts and messages here. According to HG everything looked fine with the exception of one password that seemed different than what I had. So we updated it. Nothing was done to the server though (it's just a VPS server).
 
So we have 3 problems:

1) Missing columns in the database.

The most likely explanation in my mind is that this was an accident caused by someone with access to your server (you or your host). A hacker generally wouldn't bother deleting select columns from a database. Hackers usually either deface your site or delete all data. There is no need to be subtle.

2) Forum spam.

Spam happens. Just gotta deal with it:

http://xenforo.com/community/resources/dealing-with-forum-spam.980/

3) Unrecognized IPs for your account.

Have you ever logged into your forum from remote locations or from mobile devices? The IPs might be from those logins. Otherwise, if you are absolutely sure that the IPs are not yours, then that means someone else is logging into your admin account and you should change your password.

That's pretty much it. If a hacker is suspected then obviously you should change all relevant passwords and consult with your host if it involves them. If you would like to give me access to your server then I can look around for backdoors and such. Otherwise all that is left is to fix the existing problems.

I am not discounting the possibility of a hacker, but I think the speculation in this thread is getting a bit out of hand. We need to focus on the problems at hand.

We changed the passwords on the server and the password for my personal member login. It helped for about a day. Then it started again.

What started again?
 
1. I do not have the technical know-how to even know where to look for columns, let alone erase anything.

2. I did change the passwords on Monday. Somehow they're still getting in but as I said, no one is posting anything as 'me' - it seems as if the IPs just appear.

3. I have been stationary in one location since June and have been logging on either from home, a cafe or a library, all local. I have manually checked many of the IPs and they're from China, Russia, Lithuania, Poland and other such countries. Most of these IPs have a "recently marked for forum spam" note.

I'll send you my log in details via PM.
 
1) Then it was your host or some third party with access to your server. Restore a backup to fix the data loss.

2) Forum spam has nothing to do with your server or admin passwords.

3) Then it definitely sounds like your admin login was compromised. You should change your password obviously.
 
FYI for others. Ragtek's new user notification system addon makes "welcome profile posts" on her forum. Those posts are made under her account. For some reason it's logging foreign IPs for those profile posts. That's where the IPs are coming from. This is obviously erroneous. I don't know why that addon is logging these IPs. But we know the IPs aren't from hackers now.
 
Nice find Jake.
You seriously not going to plug your own add-on at this amazing opportunity?

Ok... well, I'll do it for you.

If you need an alternative to ragtek's NUNS system then check out borbole's add-on, here: http://xenforo.com/community/resources/new-users-welcome.1293/

If anyone is in contact with ragtek it might be worth making him aware. He maintains his projects at GitHub so if this is a bug I'm sure he'll fix it if he has time.
 
Jake, and everyone, something is really wrong. I just logged on to my forum and found 1 new post, which was a member's post yesterday, but today it says this:

"you bin hacked cause you is fake and phony"

http://www.corefreedom.com/threads/soul-connection.1023/#post-6779

The original thread from this member is gone as are the comments we made and they have been replaced by this same sentence over and over again. So for sure someone is in my forum that has figured out a way to get through.
 
Sorry guys for the bad news, but someone definitely has hacked into XF as an admin. I just changed my personal profile password and then tried changing the admin password but it wouldn't let me. While I was able to log in as the admin, when I went to the profile to change the password it told me that the password didn't match. Someone definitely has access to the admin password and now I can't change it.

Does anyone know how to override the admin or super admin?
 
This is not good. That message has been injected to all posts from what I could see at your forum. Ask your host to roll you back to the most recent backup and to check the access logs. The hacker/s are somehow getting access to your server space/forum and that point of entry should be discovered a.s.a.p and be dealt with, otherwise your forum will be opened to hacking again and again.
 
Sorry guys for the bad news, but someone definitely has hacked into XF as an admin. I just changed my personal profile password and then tried changing the admin password but it wouldn't let me. While I was able to log in as the admin, when I went to the profile to change the password it told me that the password didn't match. Someone definitely has access to the admin password and now I can't change it.

Does anyone know how to override the admin or super admin?

Ask your host to roll you back. That would reset the admin password as well and you can change it again. But that is not the most important thing. What you should be focusing on is to find the poe (point of entry) and patch it up.
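
Added example, not part of the original thread: one way to act on the advice to check the access logs is to list every request to the forum's admin entry point that came from an address the owner does not recognize. It assumes the web server writes Apache/nginx "combined" format logs and that the admin panel is served from `/admin.php`; the log lines, IP addresses and query strings below are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format (assumed; adjust to the host's format)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def admin_activity(lines, known_ips, admin_path="/admin.php"):
    """Map each unrecognized IP to its requests against the admin entry point."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        script = m["path"].split("?", 1)[0]
        if script != admin_path or m["ip"] in known_ips:
            continue
        hits[m["ip"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)

def needs_review(hits):
    """IPs whose POST to the admin panel got a 2xx/3xx answer.
    These are candidates for review, not proof of a successful login."""
    return sorted(
        ip for ip, reqs in hits.items()
        if any(method == "POST" and status < 400 for _, method, _, status in reqs)
    )

# Constructed sample lines (documentation IP ranges, hypothetical paths)
SAMPLE = [
    '192.0.2.10 - - [10/Dec/2012:09:00:01 +0000] "POST /admin.php?login/login HTTP/1.1" 303 - "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2012:03:12:44 +0000] "POST /admin.php?login/login HTTP/1.1" 303 0 "-" "-"',
    '198.51.100.7 - - [10/Dec/2012:03:12:50 +0000] "GET /admin.php?users/list HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [10/Dec/2012:04:00:00 +0000] "GET /admin.php HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.9 - - [10/Dec/2012:04:00:05 +0000] "GET /index.php?threads/example.1/ HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    found = admin_activity(SAMPLE, known_ips={"192.0.2.10"})
    for ip in needs_review(found):
        print(ip, found[ip])
```

The timestamps of the flagged requests give the host a window to correlate against FTP, SSH and control-panel logs, which is where a point of entry outside the forum software would show up.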
 