Author Topic: Can't log out after upgrade to 1.7.4 and hacking problem  (Read 12594 times)

0 Members and 1 Guest are viewing this topic.

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Can't log out after upgrade to 1.7.4 and hacking problem
« on: January 04, 2007, 02:25:13 PM »
I upgraded to 1.7.4, then a user told me he can't log in and to see what's wrong I wanted to log-out. Well, I can't.
Neither on the index page nor in the cpanel.
Is this a version bug or can/shall I do something?

Also, I upgraded after my site obviously was hacked (browser hijack when going to the gallery from the cpanel on or calling up the index.php page - since it was only with this gallery and only that sites and neither ad-aware nor spybot nor mcafee could find anything I assumed it was the server/gallery that got hacked. The upgrade fixed that except when you just call the galelry directory itself (not index.php).
Can someone suggest what to check to fix that too?


Offline KurtW

  • 4images Guru
  • *******
  • Posts: 2.778
    • View Profile
    • Malediven-Bilder ~~Dreams~~
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #1 on: January 04, 2007, 03:11:41 PM »
Hi,

you upgraded to 1.7.4
Also the templates :?:

a link to the gallery helps a lot


Kurt

Offline arcticmark

  • Pre-Newbie
  • Posts: 5
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #2 on: January 04, 2007, 04:12:24 PM »
Hello,

I am having the exact same problem.
It is an issue with the sessions that 4images creates.
In other words on a server running MySQL 4.1.21-standard and PHP 4.4.4 it won't create a session and allow you to login or out.

I did a MySQL check and got this error;

Code: [Select]
arctic_imggal.4images_categories                   OK
arctic_imggal.4images_comments                     OK
arctic_imggal.4images_groupaccess                  OK
arctic_imggal.4images_groupmatch                   OK
arctic_imggal.4images_groups                       OK
arctic_imggal.4images_images                       OK
arctic_imggal.4images_images_temp                  OK
arctic_imggal.4images_lightboxes                   OK
arctic_imggal.4images_postcards                    OK
arctic_imggal.4images_sessions
note     : The storage engine for the table doesn't support check
arctic_imggal.4images_sessionvars                  OK
arctic_imggal.4images_settings                     OK
arctic_imggal.4images_users                        OK
arctic_imggal.4images_wordlist                     OK
arctic_imggal.4images_wordmatch                    OK

Also a link to my gallery http://www.arctic-monkeys.com/4images/
I also am aware that I am running an old template which doesnt support many of the new gallerys features (such as the captcha) so people can't register at the moment. But I can't login to change the template at the moment.

Thanks
Mark

Offline KurtW

  • 4images Guru
  • *******
  • Posts: 2.778
    • View Profile
    • Malediven-Bilder ~~Dreams~~
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #3 on: January 04, 2007, 04:42:35 PM »
Hi,

Quote
But I can't login to change the template at the moment.

What...
 update the templates with ftp.... :wink:

Kurt


Offline arcticmark

  • Pre-Newbie
  • Posts: 5
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #4 on: January 04, 2007, 05:30:34 PM »
I understand I can update using FTP but I'd rather have the ability to login first ;)
I wanted to change it back to the original 4images template.

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #5 on: January 04, 2007, 05:35:03 PM »
I am sorry but what do you mean with update the template?
I have uploaded the files in templates/default dir but not the template dir I am using (chicque_black).
Wouldn't make sense to put that into the chicque_black dir would it?

The site that had the template (chicque black by Nova) is hacked too.
Is that some organised attack or what?



Offline Acidgod

  • Moderator
  • 4images Guru
  • *****
  • Posts: 2.420
  • It's me?
    • View Profile
    • Flash-Webdesign
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #6 on: January 04, 2007, 07:20:23 PM »
I understand I can update using FTP but I'd rather have the ability to login first ;)
I wanted to change it back to the original 4images template.

rename your template pack folder to something like MYTEMPLATEFOLDER_bak an then upload the default template pack and rename the folder from default to MYTEMPLATEFOLDER...
or use phpmyadmin or something like that to edit the settings directly in the database...

@Gwydion
Please do the same!


When you have change the Template to the default Template Pack we will take a look on your sites...

Offline arcticmark

  • Pre-Newbie
  • Posts: 5
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #7 on: January 05, 2007, 12:34:47 AM »
It has nothing to do with the template at all.
It is something to do with how 4images writes it's session data.

I have several pieces of software which run using session and I have no problems, only with 4images, it just wont let you login on that setup. I sent you the MySQL check which prove it.

Anyway I did what you said and changed the template.
I now get the errors shown below which must not show on the other template I was using;

Code: [Select]
Warning: Unknown(): open(/tmp/sess_0d3539e318e5574a290a13556055759d, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Thanks

I'll also supply information about PHP aswell;
http://www.arctic-monkeys.com/inf.php
« Last Edit: January 05, 2007, 01:01:46 AM by arcticmark »

Offline Acidgod

  • Moderator
  • 4images Guru
  • *****
  • Posts: 2.420
  • It's me?
    • View Profile
    • Flash-Webdesign
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #8 on: January 05, 2007, 10:19:42 AM »
please make a tmp folder in your root folder (http://www.arctic-monkeys.com/4images/tmp/) an chmod it to 777...

Offline arcticmark

  • Pre-Newbie
  • Posts: 5
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #9 on: January 05, 2007, 10:34:47 PM »
please make a tmp folder in your root folder (http://www.arctic-monkeys.com/4images/tmp/) an chmod it to 777...

I don't think you quite understood the problem which had arisen here.

The session data is not written to the tmp directory in 4images, it is written to the tmp directory on the actual servers root. Making that tmp folder and chmodding it would not have worked one bit I don't think.
Anyway I rebuilt Apache and PHP aswell as building it with some different options. I couldn't for the life of me understand why it suddenly worked but it did.
It is something to do with php.ini and how it allows 4images to write to the tmp directory on the server.

If you do some googling it is apparently a bug in PHP.

Thanks for your help but if people are having problems try rebuilding PHP and Apache and see if it works.

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #10 on: January 07, 2007, 02:01:37 PM »
If I simply rename the default template folder to mytemplate what good would that be? The template would be the default template then and not mytemplate.
I have also tried to change the standard template in the settings to default (this folder contains the 1.7.4 files) but logging out isn't possible either so I don't see why the renaming template stuff should work.

I agree with that the problem doesn't seem to be the template but some php stuff/bug in 1.7.4


Offline Acidgod

  • Moderator
  • 4images Guru
  • *****
  • Posts: 2.420
  • It's me?
    • View Profile
    • Flash-Webdesign
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #11 on: January 07, 2007, 06:57:24 PM »
The session data is not written to the tmp directory in 4images, it is written to the tmp directory on the actual servers root.

Then you have not Problem with 4images, right? (o:

@Gwydion
You will become no Support without the URL and without any error message... Sorry...

manurom

  • Guest
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #12 on: January 08, 2007, 02:55:04 AM »
Hello;
just trying to help a bit.
Have you tried to create a folder called "sessions" with CHMOD 777 in your site root?
I am french, and in France, persons that are hosted by the ISP free.fr have to do it, unless sessions do not work.
Creating such a folder, as:
Code: [Select]
http://www.arctic-monkeys.com/sessions/gived good results.
Sorry, I do not know if it is THE answer, but perhaps have to try...

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #13 on: January 08, 2007, 10:30:08 PM »
Sorry, forgot.
The link to the gallery

There is no error message, as described in post one - I simply can't log out. Don't know whether I would be able to log in, at the moment I can't log out, that's it.
I can also not say what registered users or guests would see after the upgrade, because I am always seeing the page as admin.


Offline Acidgod

  • Moderator
  • 4images Guru
  • *****
  • Posts: 2.420
  • It's me?
    • View Profile
    • Flash-Webdesign
Re: Can't log out after upgrade to 1.7.4 and hacking problem
« Reply #14 on: January 09, 2007, 12:31:27 PM »
first try this thread to update you templates:
http://www.4homepages.de/forum/index.php?topic=13755.0

i can't register on your site and i think that is the new captcha function which make trouble...