My forum install keeps reseting?

lawlow

Hi,

This has happened twice now. I installed the forum, and had everything working perfectly fine, then after a few days when I try to go to the forum, it shows the install page again (database name, pass, etc.). I input all the info, and my forum is completely reset. Anybody have any idea what is going on???

Shadowdare

You might have the same problem as I do. http://vanillaforums.org/discussion/14757/config-file-hackeds

Tim

Your files aren't being hacked, we've found a bug in the configuration file handler. Working on it!

lawlow

oh ok thanks...i hope it's the latter rather than the former :P

leafboxtea

@tim this is great news, glad to here it! I fell victim to the bug today!

ddumont

@Tim do you have any short reason for what is going on? I haven't had it happen yet *knock on wood* but if there's something that I can do to avoid it, it would be awesome to know.

Shadowdare

@Tim: Thank you for letting us know.

martz

My quick fix for this problem would be to change the access permissions, so that the apache user cannot write to the file (e.g. chmod 555 config.php ) ? This has as a side effect that your dashboard also will be affected (chmod back when using the dashboard and then chmod to 555 again when done)

whu606

It happened to me a couple of times. Luckily I had a backup of the config file, so I was able to copy and paste the info in and everything worked fine again. Now, as suggested, I have removed write permissions until there is a fix.

Pixelnated

I woke up to my config file being wiped from this today
Hope it is fixed soon!

If it helps - I installed the IPTracking plugin yesterday afternoon and after weeks of having the board up, this is the first time this has happened. I have disabled it for the time being.

Linc

This should've been corrected in 2.0.17.8. Are you running the latest patch release?

Linc

No, wait... I'm lying. Pardon me. Pretty sure it's fixed for the next release.

Pixelnated

lol - thanks (yet again) @Lincoln! Looking forward to the release

tester13

@Lincoln, in unstable it is fixed, right?

One important question - any date then Todd branch with email confirmation implemented make its way to unstable?
I just wanted to lauch on of the forums soon, and my tests show that spammers are good with captcha only.

May be hidden field or Q&A could make its way to next release?
Hidden field is especially easy to implement.

Linc

@tester13 I recall someone sending us a pull request that fixed this a hard-to-track-down config writing problem; I'm pretty sure it's the same one described here.

There's a honeypot ("hidden field") already built into Vanilla since first release. To customize its name, drop this into your config.php:

$Configuration['Garden']['Forms']['HoneypotName'] = 'fieldname';

I have no insider info on anything Todd's doing in his branches.

tester13

Thanks.
Do you know how it works (visible by default and empty) and hidden plus filled only using JS upon form showing?
Or it is hidden from the start?

As for Todd. Can you ask him personally?
This functionality is very important for me, but I do not know current state of his branch. May be he still have some problems.
IF it is already tested, merging it with unstable coul be really good idea.

tester13

Loked at code. Honeypot is of simplest type, spammers today must pass it without big troubles.
We need something like one that is hidden at runtime and prefilled using JS only.
Plus much better default name.

dandv

@mark @tim @lincoln:
I'm using 2.0.17.10-stable on a test installation, with a random port number (http://...:5198/index.php). The only place I've posted this IP:port combo is here on vf.org/discussion.

Today I noticed this at the end of config.php:

// Last edited by ??? (217.131.138.21)2011-06-22 11:??:??

A reverse lookup of the IP shows a host in Turkey. "???" was some other string that I forgot - right after I browsed to the forum to see if it was still up, the "// Last edited by" line got replaced with my own IP. I do have the IP because I did a reverse lookup on it.

The permissions for my config.php are 644, but /conf/ was 777. Now Vanilla won't me log in as Admin: "Sorry, no account could be found related to the email and password you entered."

UPDATE: I just took down that installation.

Todd

@dandv, why are you finding every thread remotely related to your issue and posting to it?

dandv

@Todd: I honestly thought the threads were so similar (config.php being touched without the user's expectation), that those who might follow one of the threads but not the others, or new users who search for the issue and land on one of the threads, would benefit from an update. I guess it's my Wikipedia editor deformation professionelle at play.

Were I a moderator, I'd merge these discussions. Anyway, I posted only here, and linked to it from the related threads, but if that's not OK, feel free to exercise moderator power as you see fit

UnderDog

See a piece of text from Tim here:
http://vanillaforums.org/discussion/comment/141233#Comment_141233