Dizkus

I just wrote a review as admin on my site and was shocked after previewing it with left aligned text to find that the live copy was all centred. The end of the article had no line break hard coded in, instead the link for Admisitration - Delete and Edit ran on from the last letter of my last sentence in the review. This I fixed with a br tag at the end of my article, but that's just a temp fix and normal users can't be expected to do that each time. Earlier reviews are fine. I'm on 0.762.

I don't know if it's related, but we have been getting regular hacking attempts each day, according to the PN script we get between 30 and 80 per day. My webhosting provider says there is nothing that can be done about this as each attempt has a different scammed IP address so banning each one is difficult as they change all the time, and probably aren't genuine anyway. A while ago we asked Hammerhead for help which he was very helpful with. He took out some iffy code we had and changed some stuff to make it less hackable, but clearly that was only a temporary respite.

I'd welcome suggestions of what to do next. How can I fix the reviews module? How can I reduce the hack attempts?

TIA

Mac



edited by: SwissMac, Sep 17, 2006 - 12:28 AM

Do you use Mod Security? If you are not su, you could ask your host to provide it for you.

I would assume that your theme is goofy... and that is why you have an issue. Try a different theme... or reinstall the theme you have.

If this is not the case... reinstall the module. If this doesnt solve it, panic! j/k.. report back and we will take it from there.

--
David Pahl
Zikula Support Team

Do you mean an Apache module or a PN one? Which module should I reinstall?

Mac

Hi Mac, hope things are well with you.

Mod security is an Apache module, you can find a mod security ruleset for PostNuke at http://support.pn-cms.de/modules/dokuwiki/doku.php?id=tt:modsecurity&s=modsecurity - your host may be glad of this.

As for the reviews issue, it does sound like a theme problem. Are you still using the same theme as before?

--
Regards,
Simon

itbegins.co.uk - Zikula Consulting

Please read the Support Guide

Hi Simon,

Nice to hear from you. Hope you're running a RAID setup these days!

We did have a small problem when our hosting provider changed the server without warning. They used a backup file that was 18 months old. Ha! Some "daily backup" as advertised in their literature. Luckily we had a more recent backup file and then we moved hosts. AFAIK the files are the same ones you looked at before. We had major hack attempts picked up by the PN Anti-Cracker script both before and after the hoster mucked things up. But maybe something got through?

Mac

I'd still guess it's a theme problem. Perhaps if you view the page with the Extralite theme by adding &theme=ExtraLite to the end of the URL you can check that.

--
Regards,
Simon

itbegins.co.uk - Zikula Consulting

Please read the Support Guide

Adding "&theme=ExtraLite" without the quotes made no difference to the display of the page text: it was still centred.

Mac

Just some thoughts... you say they gave you an old backup... when you used the newer backup (yours) did you completely remove the old backup, or just write over it?

I would, delete all the HTML files, and put new shiney ones in... new core... new theme... new 3rd party modules... especially if you feel the code may have been comprimised... it is possible that you may have corupt files...

It shouldnt hurt to give it a try.

--
David Pahl
Zikula Support Team

I loaded my backup onto a completely new server. There were no HTML or PHP files to replace, it was an empty setup.

The backup was taken from the site setup that had previously been attacked, so it is possible that some sort of malware had got into the system somewhere. The attack takes the form of some kind of SQL injection that posted links to all sorts of unsavoury porn and other spam sites in the reviews comments table (and I think other places). Over this weekend just gone there were 95 hacking attempts.

I asked the hosting provider if they could set something up to block things, and even suggested reporting the activity to the FBI which they didn't like the idea of. Something about "all our servers will be taken away and investigated" and so I have been left without protection. The site is now on a different hosting providers servers, but is still being attacked so I suspect your advice is worth following.

Unfortunately, I don't have a backup of the files Simon worked on to use as a clean install...

Mac