HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Database.PHP erased! Oh noes! Helps?

edited October 2007 in Vanilla 1.0 Help
Okay, why am I getting this?

pushingpixels.net


Am I dealing with a gay hacker that can't leave a site that only has 13 members alone?

Comments

  • Descriptive topic...

    Looks like you have your username/password wrong for your database to me — but someone more skilled in these matters will be able to tell you exactly.
  • Well its been fine the last month. But now when I start having people I get this.

    And I can't do to much about it because I'm at work and using my phone to do this.
  • Looks like a problem with the 'David' Extension. Try deleting the line which includes it out of conf/extensions.php when you get chance. That should bring your forum back online. Then you can look to the root of the problem.
  • Alright, I'll try that when I get home...

    Sucks not having computer access all day.
  • Okay, seems my database.php file has been completely deleted. All thats left in it is "?>" and thats it.

    Umm... Do I have to completely reinstall vanilla or can someone give me a copy of the database file with everything included because I can't find one and I didn't make a backup of it.
  • VazVaz New
    edited August 2007
    You can download Vanilla again & upload the file thats missing. Here's my conf/database.php file (if this is the one your talking about) <?php // Database Configuration Settings $Configuration['DATABASE_HOST'] = 'xxxxxx'; $Configuration['DATABASE_NAME'] = 'xxxx'; $Configuration['DATABASE_USER'] = 'xxxxxx'; $Configuration['DATABASE_PASSWORD'] = 'xxxxxx'; // Saved Searches Table Structure $DatabaseTables['UserSearch'] = 'UserSearch'; $DatabaseColumns['UserSearch']['SearchID'] = 'SearchID'; $DatabaseColumns['UserSearch']['Label'] = 'Label'; $DatabaseColumns['UserSearch']['UserID'] = 'UserID'; $DatabaseColumns['UserSearch']['Keywords'] = 'Keywords'; $DatabaseColumns['UserSearch']['Type'] = 'Type'; // Attachments Table Structure $DatabaseTables['Attachment'] = 'Attachment'; $DatabaseColumns['Attachment']['AttachmentID'] = 'AttachmentID'; $DatabaseColumns['Attachment']['UserID'] = 'UserID'; $DatabaseColumns['Attachment']['DiscussionID'] = 'DiscussionID'; $DatabaseColumns['Attachment']['CommentID'] = 'CommentID'; $DatabaseColumns['Attachment']['Title'] = 'Title'; $DatabaseColumns['Attachment']['Description'] = 'Description'; $DatabaseColumns['Attachment']['Name'] = 'Name'; $DatabaseColumns['Attachment']['Path'] = 'Path'; $DatabaseColumns['Attachment']['Size'] = 'Size'; $DatabaseColumns['Attachment']['MimeType'] = 'MimeType'; $DatabaseColumns['Attachment']['DateCreated'] = 'DateCreated'; $DatabaseColumns['Attachment']['DateModified'] = 'DateModified'; // Pre-Moderation Table Structure $DatabaseColumns['Discussion']['Approved'] = 'Approved'; $DatabaseColumns['Comment']['Approved'] = 'Approved'; // Discussions Table Structure $DatabaseColumns['Discussion']['Draft'] = 'Draft'; ?> Be sure to make the neccessary changes to xxxx
  • edited August 2007
    Thats the one....

    Gah... Keeps saying invalid user. I have all the right information...

    I'm thinking about redoing the whole damn site... Now I know what I need and how to do it. Dang it!
  • Over the past month or so, I am having a similar problem. The <?php at the start is being overwritten to ?>, so that it displays an error while at the same time, showing the contents of my database.php file.

    Is this happening to anyone else, or is it just me?

    Nathan
  • VazVaz New
    edited August 2007
    I'm not sure about database.php but a little while back my settings.php file was getting messed (need to see if it still is by the way).

    I remember making the following changes to stop the problem as suggested here on the forums by little_peet:

    The following add-ons seem to be causing the glitch where your settings.php file gets erased:
    JQthickbox
    Jquery
    Discussion view counters
    zip2mail

    To solve this problem you have to modify part of the framework by replacing the function "AddConfigurationSetting" in the \library\framework\framework.functions.php

    This modification has already been placed into Vanilla2 but just incase you can't wait and don't mind modifying - go ahead and do it!

    Replace the current function with:

    function AddConfigurationSetting(&$Context, $SettingName, $SettingValue = '1') {
    if ((!array_key_exists($SettingName, $Context->Configuration))|($Context->Configuration[$SettingName]!=$SettingValue)){
    $Context->Configuration[$SettingName] = '';
    $SettingsManager = $Context->ObjectFactory->NewContextObject($Context, 'ConfigurationManager');
    $SettingsFile = $Context->Configuration['APPLICATION_PATH'].'conf/settings.php';
    $SettingsManager->DefineSetting($SettingName, $SettingValue, 1);
    $SettingsManager->SaveSettingsToFile($SettingsFile);
    }
    }
  • Vanilla 1.1.3, Vanilla didn't start yet coding Vanilla 2.
  • Just to report a similar happening. My database.php file was transformed to a simple
    ?>
    Using Vanilla 1.1.2.

    It's solved but nonetheless let it be noted.
  • Vanilla 1.1.3 should prevent a similar issue with settings.php but not with database.php.

    which extensions are you using?
  • Extended Text Formatter 1.2 Mark O'Sullivan lussumo.com/docs Google Analytics 1.2 dinoboff / ithcy lussumo.com/community/discussion/3507 Guest Post 1.4.1 Gerrard Cowburn lussumo.com/docs Hidden Text 1.4 Justin (Krak) Haury lussumo.com/addons Html Formatter 2.2 SirNotAppearingOnThisForum lussumo.com/docs Low-Cal Vanilla 0.1.1 Dinoboff lussumo.com/docs ModTools 0.06.10b jawele lussumo.com/addons Nuggets 1.1.4 MySchizoBuddy lussumo.com/addons Panel Lists 1.2 Mark O'Sullivan lussumo.com/docs Preview Post 2.5 SirNotAppearingOnThisForum lussumo.com/addons Quicktags 0.5 James Greig lussumo.com/addons Quotations 1.6 Joel Bernstein lussumo.com/community/discussion/2069 Sitemaps 0.1 David Kitchen (buro9 on vanilla.com) lussumo.com/docs Thankful People 1.2 Maurice (Jazzman) Krijtenberg www.krijtenberg.nl Could it be related to http://lussumo.com/community/discussion/5614/thankful-people/#Item_22 ?
  • Only Thankful People (I think) write something in database.php, but it should only update it one time. So I don't what could be the problem.
  • Over the past month or so, I am having a similar problem. The <?php at the start is being overwritten to ?>, so that it displays an error while at the same time, showing the contents of my database.php file.
    Isn't this potentially very dangerous? If the contents of database.php are rendered readable, then the hacker can access the database directly, read out whatever infos it contains or overwrite it entirely.
  • yep, it is, you should put database.php out of the docroot (and set $Configuration['DATABASE_PATH'] to the new path).
  • isn't it out of the docroot as standard – conf/database.php – or have I misunderstood something? How can it have been accessed and overwritten? What chmod settings should it have to ensure the conf/ folder and files within cannot be accessed from outside vanilla?
  • once everything is set-up, the permission of any vanilla files (except some extension files, like cache files) should be 400 or 440 (500 or or 550 for the folders - except some extensions folder).

    database.php is in the web server document root like all the other vanilla file. But the .htaccess should prevent direct access (with an apache server). But it is more secure to put it out of the document root. Not everybody can do that but if you can, do it.
This discussion has been closed.