Syntax Errors throttling account
Permalink
We’re getting syntax errors that are resulting in our account being throttled by the host server. When I looked into the slow queries file, it appears the errors are all showing up in the database that holds our website’s Concrete5 files.
This is having a big impact on our company. Any suggestions? Here’s
When I run SQL query on the database, this is what just one of the errors looks like:
Any help will be appreciated... I'm stuck!
Barbara/MaineCoast
This is having a big impact on our company. Any suggestions? Here’s
When I run SQL query on the database, this is what just one of the errors looks like:
SHOW COLUMNS FROM `btContentImage`
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SHOW COLUMNS FROM `btContentImage`' at line 1Any help will be appreciated... I'm stuck!
Barbara/MaineCoast
Hi and thanks so much for responding.
I am running C5 version: 5.4.2.2 off Bluehost. MySQL version is 5.1.63-community-log and the Operating System is Linux.
I've attached a copy of the error log. There's code in there that we DID NOT insert. I've highlighted just some of it in red so you can quickly see what I'm talking about (referer, backtraced to/from domain names I've never heard of).
Does this mean our account was compromised?
The site was built in C5, and we're using some add-ons from the marketplace. But very little manipulation of code was done to this site. I don't know where to go from here. I'm not a programmer, but need to resolve this issue as we don't have a programmer in the office - so it's up to me. Not sure if I'm giving you all the info you need to help me, but I need a life raft for sure. I'm in over my head...
I am running C5 version: 5.4.2.2 off Bluehost. MySQL version is 5.1.63-community-log and the Operating System is Linux.
I've attached a copy of the error log. There's code in there that we DID NOT insert. I've highlighted just some of it in red so you can quickly see what I'm talking about (referer, backtraced to/from domain names I've never heard of).
Does this mean our account was compromised?
The site was built in C5, and we're using some add-ons from the marketplace. But very little manipulation of code was done to this site. I don't know where to go from here. I'm not a programmer, but need to resolve this issue as we don't have a programmer in the office - so it's up to me. Not sure if I'm giving you all the info you need to help me, but I need a life raft for sure. I'm in over my head...
We had our Bluehost account hacked a while back, could be... What does your /index.php file have in it? Should be:
<?php require('concrete/dispatcher.php');
In the index.php file associated with the database and domain name in question, the script looks exactly as you said it should.
But we have multiple /index.php files with additional extensions. Should they ALL contain the script you mentioned?
Here's one, for instance, that doesn't:
<?php
$ff = scandir('./');
sort($ff);
$files = array();
foreach($ff AS $f) {
if (preg_match('/example[0]{0,1}(\d+)_(.*?)\.php/',$f,$m)) {
$num = intval($m[1]);
$files[$num] = array(ucfirst(preg_replace('/_/',' ',$m[2])), $m[0]);
}
}
echo '<html><body><h3>mPDF Example Files</h3>';
foreach($files AS $n=>$f) {
echo '<p>'.$n.') '.$f[0].' <a href="'.$f[1].'">PDF</a> <small><a href="show_code.php?filename='.$f[1].'">PHP</a></small></p>';
}
echo '</body></html>';
exit;
?>
But we have multiple /index.php files with additional extensions. Should they ALL contain the script you mentioned?
Here's one, for instance, that doesn't:
<?php
$ff = scandir('./');
sort($ff);
$files = array();
foreach($ff AS $f) {
if (preg_match('/example[0]{0,1}(\d+)_(.*?)\.php/',$f,$m)) {
$num = intval($m[1]);
$files[$num] = array(ucfirst(preg_replace('/_/',' ',$m[2])), $m[0]);
}
}
echo '<html><body><h3>mPDF Example Files</h3>';
foreach($files AS $n=>$f) {
echo '<p>'.$n.') '.$f[0].' <a href="'.$f[1].'">PDF</a> <small><a href="show_code.php?filename='.$f[1].'">PHP</a></small></p>';
}
echo '</body></html>';
exit;
?>
It looks like you have more the that just concrete5 in your html root. I saw mPDF, which is a .html to PDF conversion utility. I have no idea what that is doing there. What does your .htaccess file have in it.
-----Original Message-----
From: concrete5 Community [mailto:discussions@concretecms.com]
Sent: Thursday, July 26, 2012 3:24 PM
To: jimk@nteaviation.com
Subject: Syntax Errors throttling account : Building with concrete5
-----Original Message-----
From: concrete5 Community [mailto:discussions@concretecms.com]
Sent: Thursday, July 26, 2012 3:24 PM
To: jimk@nteaviation.com
Subject: Syntax Errors throttling account : Building with concrete5
The index.php file for the directory associated with subdomain of our website only contains what you said it should:
<?php
require('concrete/dispatcher.php');
And the htaccess file is empty.
However, there are other subdomains associated with the primary account domain, and I suppose a hacker could have inserted content into any file in any folder inside of the public_html. How would I best determine that? By going through the index.php files for the other directories?
I’ve attached an error log for the subdomain of our website (www.stockdaleresourcegroup.com) but, again, the index.php file appears as you said it should, and the htaccess file is empty (should it be?). (NOTE: In the error log, it refer to Line 78 in a particular file. When I checked the file, line 78 was blank)
I'm VERY appreciative of your help. Nobody in the office knows what to do next :-(
<?php
require('concrete/dispatcher.php');
And the htaccess file is empty.
However, there are other subdomains associated with the primary account domain, and I suppose a hacker could have inserted content into any file in any folder inside of the public_html. How would I best determine that? By going through the index.php files for the other directories?
I’ve attached an error log for the subdomain of our website (www.stockdaleresourcegroup.com) but, again, the index.php file appears as you said it should, and the htaccess file is empty (should it be?). (NOTE: In the error log, it refer to Line 78 in a particular file. When I checked the file, line 78 was blank)
I'm VERY appreciative of your help. Nobody in the office knows what to do next :-(
The .htaccess file may be empty if the mod_rewrite configuration for "pretty URL's" is configured in the global server configuration file. You most likely don't have access to that. Your site seems to be working fine. The error logs don't seem to be that bad, throwing an occasional error, the last being thrown July 12th and I believe is unrelated to your initial problem. I suspicion your ISP throttling issue is related to a multi-domain webserver misconfiguration. Whoever is providing web hosting service should be better able to diagnose and fix that issue. Get that fixed first, then worry about the intermittent MySQL error messages, or not... If it aint broke don’t fix it... LOL
-----Original Message-----
From: concrete5 Community [mailto:discussions@concretecms.com]
Sent: Friday, July 27, 2012 9:03 AM
To: jimk@nteaviation.com
Subject: Syntax Errors throttling account : Building with concrete5
-----Original Message-----
From: concrete5 Community [mailto:discussions@concretecms.com]
Sent: Friday, July 27, 2012 9:03 AM
To: jimk@nteaviation.com
Subject: Syntax Errors throttling account : Building with concrete5
Platform, C5 Version, MySQL version, http logs, etc...