Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

My forum install keeps reseting?

edited February 2011 in Vanilla 2.0 - 2.8
Hi,

This has happened twice now. I installed the forum, and had everything working perfectly fine, then after a few days when I try to go to the forum, it shows the install page again (database name, pass, etc.). I input all the info, and my forum is completely reset. Anybody have any idea what is going on???
Tagged:

Comments

  • You might have the same problem as I do. http://vanillaforums.org/discussion/14757/config-file-hackeds

    Add Pages to Vanilla with the Basic Pages app

  • TimTim Operations Vanilla Staff
    Your files aren't being hacked, we've found a bug in the configuration file handler. Working on it!

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • oh ok thanks...i hope it's the latter rather than the former :P
  • @tim this is great news, glad to here it! I fell victim to the bug today!
  • @Tim do you have any short reason for what is going on? I haven't had it happen yet *knock on wood* but if there's something that I can do to avoid it, it would be awesome to know.

    There was an error rendering this rich post.

  • @Tim: Thank you for letting us know.

    Add Pages to Vanilla with the Basic Pages app

  • martzmartz New
    edited February 2011
    My quick fix for this problem would be to change the access permissions, so that the apache user cannot write to the file (e.g. chmod 555 config.php ) ? This has as a side effect that your dashboard also will be affected (chmod back when using the dashboard and then chmod to 555 again when done)
  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP
    It happened to me a couple of times. Luckily I had a backup of the config file, so I was able to copy and paste the info in and everything worked fine again. Now, as suggested, I have removed write permissions until there is a fix.
  • edited March 2011
    I woke up to my config file being wiped from this today :(
    Hope it is fixed soon!

    If it helps - I installed the IPTracking plugin yesterday afternoon and after weeks of having the board up, this is the first time this has happened. I have disabled it for the time being.
  • LincLinc Detroit Admin
    This should've been corrected in 2.0.17.8. Are you running the latest patch release?
  • LincLinc Detroit Admin
    No, wait... I'm lying. Pardon me. Pretty sure it's fixed for the next release.
  • lol - thanks (yet again) @Lincoln! Looking forward to the release :)
  • edited March 2011
    @Lincoln, in unstable it is fixed, right?

    One important question - any date then Todd branch with email confirmation implemented make its way to unstable?
    I just wanted to lauch on of the forums soon, and my tests show that spammers are good with captcha only.

    May be hidden field or Q&A could make its way to next release?
    Hidden field is especially easy to implement.
  • LincLinc Detroit Admin
    @tester13 I recall someone sending us a pull request that fixed this a hard-to-track-down config writing problem; I'm pretty sure it's the same one described here.

    There's a honeypot ("hidden field") already built into Vanilla since first release. To customize its name, drop this into your config.php:

    $Configuration['Garden']['Forms']['HoneypotName'] = 'fieldname';

    I have no insider info on anything Todd's doing in his branches. :)
  • Thanks.
    Do you know how it works (visible by default and empty) and hidden plus filled only using JS upon form showing?
    Or it is hidden from the start?

    As for Todd. Can you ask him personally?
    This functionality is very important for me, but I do not know current state of his branch. May be he still have some problems.
    IF it is already tested, merging it with unstable coul be really good idea.
  • Loked at code. Honeypot is of simplest type, spammers today must pass it without big troubles.
    We need something like one that is hidden at runtime and prefilled using JS only.
    Plus much better default name.
  • dandvdandv New
    edited June 2011
    @mark @tim @lincoln:
    I'm using 2.0.17.10-stable on a test installation, with a random port number (http://...:5198/index.php). The only place I've posted this IP:port combo is here on vf.org/discussion.

    Today I noticed this at the end of config.php:
    // Last edited by ??? (217.131.138.21)2011-06-22 11:??:??
    A reverse lookup of the IP shows a host in Turkey. "???" was some other string that I forgot - right after I browsed to the forum to see if it was still up, the "// Last edited by" line got replaced with my own IP. I do have the IP because I did a reverse lookup on it.

    The permissions for my config.php are 644, but /conf/ was 777. Now Vanilla won't me log in as Admin: "Sorry, no account could be found related to the email and password you entered."

    UPDATE: I just took down that installation.
  • ToddTodd Chief Product Officer Vanilla Staff
    @dandv, why are you finding every thread remotely related to your issue and posting to it?
  • dandvdandv New
    edited June 2011
    @Todd: I honestly thought the threads were so similar (config.php being touched without the user's expectation), that those who might follow one of the threads but not the others, or new users who search for the issue and land on one of the threads, would benefit from an update. I guess it's my Wikipedia editor deformation professionelle at play.

    Were I a moderator, I'd merge these discussions. Anyway, I posted only here, and linked to it from the related threads, but if that's not OK, feel free to exercise moderator power as you see fit :)
  • There was an error rendering this rich post.

Sign In or Register to comment.