Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Config File Hacked?
Shadowdare
MVP
My config file was either hacked or there was some glitch with Vanilla. On my Vanilla config.php file all that it says now is:
My Vanilla index only displays the installation page. Is this a bug with Vanilla or has it actually been hacked? I managed to get my forum back up though. Seems to be an urgent Vanilla problem, @Mark. If so, I wonder how it can be replicated.
I notice that when I edit a setting in the dashboard by being an admin myself, that it leaves a last edited by comment at the bottom of the config.php file. How can the user have did this and where did all the other variables go to?
The user said that he was submitting a post before this happened.
<?php if (!defined('APPLICATION')) exit();
// Garden
$Configuration['Garden']['Analytics']['LastSentDate'] = '20110127';
// Last edited by THEUSERNAME (his IP)2011-02-05 07:12:21
My Vanilla index only displays the installation page. Is this a bug with Vanilla or has it actually been hacked? I managed to get my forum back up though. Seems to be an urgent Vanilla problem, @Mark. If so, I wonder how it can be replicated.
I notice that when I edit a setting in the dashboard by being an admin myself, that it leaves a last edited by comment at the bottom of the config.php file. How can the user have did this and where did all the other variables go to?
The user said that he was submitting a post before this happened.
Add Pages to Vanilla with the Basic Pages app
0
Comments
Maybe it's also time to start discussing taking some config files outside the document root :-)
There was an error rendering this rich post.
I saved the config.php file that was overwritten by the user. I already copied and pasted all of the text into my first post here in the yellow highlighted text. I'm not sure what posting a reply has to do with the config file, though.
Add Pages to Vanilla with the Basic Pages app
The most recent instance left this in my config file:
<?php if (!defined('APPLICATION')) exit();
// Garden
$Configuration['Garden']['Analytics']['LastSentDate'] = '20110117';
// Last edited by Don'tShowAUserName (NEVERshowIP'sInForumThreads)2011-02-06 04:53:14
There's no way the user involved would have intentionally tried to cause this behaviour.
As far as I can tell, the user had no activity beyond browsing the forum when the file was rewritten.
I thought it related to the WhoIs plugin, but now know that it doesn't.
I've removed all write permissions from config for the meantime.
There was an error rendering this rich post.
I'm guessing the Analytics variable is related to Vanilla Statistics. If so, then maybe there is something wrong with the plugin. I don't use the WhosOnline plugin so it may be something else.
Add Pages to Vanilla with the Basic Pages app
Add Pages to Vanilla with the Basic Pages app
Any news on this?
Add Pages to Vanilla with the Basic Pages app
Unfortunately the forum has been offline for quite some time during peak hours, my mailbox was filled with a lot of confused user e-mails.
The quick fix for me is to chmod the config.php to 555 - this would disallow the www-data user to write the file. I guess this should work.
The config.php file should only be edited by the admin right?
http://vanillaforums.org/discussion/comment/141233#Comment_141233
There was an error rendering this rich post.