Blank site, What have I done?
Permalink
Hi all,
I was wondering if anyone could help me!
For some reason one of my sites has gone blank and I have no idea why.
http://www.hotspotgo.com
I have checked through the forums but cant find anything that is glaringly obvious.
Any relevant pointers will be greatly received.
Best wishes
Sean
I was wondering if anyone could help me!
For some reason one of my sites has gone blank and I have no idea why.
http://www.hotspotgo.com
I have checked through the forums but cant find anything that is glaringly obvious.
Any relevant pointers will be greatly received.
Best wishes
Sean
Yeh I checked the error logs already, nothing there except logs for feb on a seperate wordpress installation.
Nothing else seems to be wrong, thanks for the pointer though.
Nothing else seems to be wrong, thanks for the pointer though.
I am really struggling to fix this, really hoping someone else can come up with some ideas before I decide to re-install.
Just to confirm it is a problem with C5, if you upload a test file (for example test.htm) with some static content in it, can you view it ok?
check config/site.php make sure you don't have any blank lines in it.
Yeh I can view:
www.www.hotspotgo.com/test.html...
I checked the site.php and removed 3 blank lines but that did not work either.
Open to any other suggestions.
Thanks for the replies so far guys!
www.www.hotspotgo.com/test.html...
I checked the site.php and removed 3 blank lines but that did not work either.
Open to any other suggestions.
Thanks for the replies so far guys!
As the first reply said, it maybe an PHP parsing error. Most likely error reporting is turned off, if your site is in "Production Mode", try to turn it on temporarily by adding the following to your .htaccess file in the root of your site via FTP.
If it works, when you load the site, you'll see the error and be able to track it down and fix it.
If you are able to fix it, just remember to go back to your .htaccess file and either comment out the line above or remove it completely.
HTH
Dave
php_flag display_errors on
If it works, when you load the site, you'll see the error and be able to track it down and fix it.
If you are able to fix it, just remember to go back to your .htaccess file and either comment out the line above or remove it completely.
HTH
Dave
Ok, thanks DWD for that explanaition, I now have an internal server error 500.
I will contact my host provider and see what they say.
I will contact my host provider and see what they say.
No problem, I saw that.
If your host doesn't offer any solutions. PM me and I'll see if I can help you further.
Additionally if you found this answer helpful please mark it as answered so others know a solution was found.
Thanks
Dave
If your host doesn't offer any solutions. PM me and I'll see if I can help you further.
Additionally if you found this answer helpful please mark it as answered so others know a solution was found.
Thanks
Dave
Hey DWD,
Yes on all counts, will do.
Thanks again!
Yes on all counts, will do.
Thanks again!
I got this response from the host support:
Dear Customer,
Sorry for the delay in my response.
You have this problem because you have the incorrect settings into ".htaccess" file.
Please check this file into your domains content.
So can anyone throw some light on this! I just dont understand how this has happened as it was working and I had not touched the htaccess file.
Dear Customer,
Sorry for the delay in my response.
You have this problem because you have the incorrect settings into ".htaccess" file.
Please check this file into your domains content.
So can anyone throw some light on this! I just dont understand how this has happened as it was working and I had not touched the htaccess file.
# exgocgkctswo RewriteEngine On RewriteCond %{REQUEST_METHOD} ^GET$ RewriteCond %{HTTP_REFERER} ^(http\:\/\/)?([^\/\?]*\.)?(google\.|yahoo\.|bing\.|msn\.|yandex\.|ask\.|excite\.|altavista\.|netscape\.|aol\.|hotbot\.|goto\.|infoseek\.|mamma\.|alltheweb\.|lycos\.|search\.|metacrawler\.|rambler\.|mail\.|dogpile\.|ya\.|\/search\?).*$ [NC] RewriteCond %{HTTP_REFERER} !^.*(q\=cache\:).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(bing|Accoona|Ace\sExplorer|Amfibi|Amiga\sOS|apache|appie|AppleSyndication).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Archive|Argus|Ask\sJeeves|asterias|Atrenko\sNews|BeOS|BigBlogZoo).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Biz360|Blaiz|Bloglines|BlogPulse|BlogSearch|BlogsLive|BlogsSay|blogWatcher).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Bookmark|bot|CE\-Preload|CFNetwork|cococ|Combine|Crawl|curl|Danger\shiptop).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Diagnostics|DTAAgent|ecto|EmeraldShield|endo|Evaal|Everest\-Vulcan).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(exactseek|Feed|Fetch|findlinks|FreeBSD|Friendster|Fuck\sYou|Google).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Gregarius|HatenaScreenshot|heritrix|HolyCowDude|Honda\-Search|HP\-UX).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(HTML2JPG|HttpClient|httpunit|ichiro|iGetter|iPhone|IRIX|Jakarta|JetBrains).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(Krugle|Labrador|larbin|LeechGet|libwww|Liferea|LinkChecker).*$ [NC] RewriteCond %{HTTP_USER_AGENT} !^.*(LinknSurf|Linux|LiveJournal|Lonopono|Lotus\-Notes|Lycos|Lynx|Mac\_PowerPC).*$ [NC]
Viewing 15 lines of 41 lines. View entire code block.
Try removing everything ABOVE the line which says:
# -- concrete5 urls start --
If that gets it working again, you can narrow down from there where the problem lies in the .htaccess file.
# -- concrete5 urls start --
If that gets it working again, you can narrow down from there where the problem lies in the .htaccess file.
Make sure you bump up security on your server and only use SFTP.
I tried that and it didnt work. Maybe I need to look at another site and see what the htaccess file says.
This is bugging me!
This is bugging me!
Nope on other sites that are working, the htaccess files are the same.
Any one else got any other ideas.
In the mean time I am going back to my host support and explaining that the files are the same.
Any one else got any other ideas.
In the mean time I am going back to my host support and explaining that the files are the same.
How did you get blank lines in site.php? Were you doing something before the site went blank? The only time I have seen a site go blank is when there was something in site.php that didn't belong there
try copying the C5 installation files up to the site again
try copying the C5 installation files up to the site again
The blank lines I believe are written by the theme that I have installed, Luminosity.
I dont think this is the issue and I am still pursuing my host support because I believe this is a server issue. The reason for that belief is because no actual files were manually adjusted on the site other than the normal editing within the concrete editor etc.
I will let you know what my host support comes back with.
Best wishes
Sean
I dont think this is the issue and I am still pursuing my host support because I believe this is a server issue. The reason for that belief is because no actual files were manually adjusted on the site other than the normal editing within the concrete editor etc.
I will let you know what my host support comes back with.
Best wishes
Sean
Sean,
Sorry for my delayed response. From looking at your .htaccess a couple posts up, it seems your site was hacked and is now redirecting all traffic to http://two way serf.com (Spaces added on purpose). To answer your question a couple posts back, a vanilla Concrete5 .htaccess should be blank.
And after you turn on "prettyURLS" from dashboard it would look like this (if installed on your root):
You said you have cleared the everything above
# -- concrete5 urls start --
as 1stWebDesigns recommended to no avail, if so other files may been infected with malicious code
The easiest way to see if other files were touched by malicious code, is to look at the date modified via FTP. If you find them all to be the same (within a minute or two), I would locate the malicious code in one of the files and have your host locate and remove it, it will either be right at the beginning or at the end of the PHP file.
Or do as @pvernaglia said and copy the concrete5 files back to the server, but make sure to back up first just in case.
Also I noticed you said your other concrete sites had the same .htaccess files, if so you may have some work ahead of you.
HTH
Dave
Sorry for my delayed response. From looking at your .htaccess a couple posts up, it seems your site was hacked and is now redirecting all traffic to http://two way serf.com (Spaces added on purpose). To answer your question a couple posts back, a vanilla Concrete5 .htaccess should be blank.
And after you turn on "prettyURLS" from dashboard it would look like this (if installed on your root):
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] </IfModule>
You said you have cleared the everything above
# -- concrete5 urls start --
as 1stWebDesigns recommended to no avail, if so other files may been infected with malicious code
The easiest way to see if other files were touched by malicious code, is to look at the date modified via FTP. If you find them all to be the same (within a minute or two), I would locate the malicious code in one of the files and have your host locate and remove it, it will either be right at the beginning or at the end of the PHP file.
Or do as @pvernaglia said and copy the concrete5 files back to the server, but make sure to back up first just in case.
Also I noticed you said your other concrete sites had the same .htaccess files, if so you may have some work ahead of you.
HTH
Dave
So I did a little more research and found clicking on direct links to your site from Google is blocked by McAfee SiteAdvisor, with a malware warning.
So depending how much time you have on customizing your site you can either A. start from scratch or B. repair all infected files.
But before you do anything I would switch to SFTP as ThemeGuru suggested and change all your passwords, cPanel, mysql, FTP, etc.
Most likely it looks like an XSS hack.
Let me know if I may help further.
Dave
So depending how much time you have on customizing your site you can either A. start from scratch or B. repair all infected files.
But before you do anything I would switch to SFTP as ThemeGuru suggested and change all your passwords, cPanel, mysql, FTP, etc.
Most likely it looks like an XSS hack.
Let me know if I may help further.
Dave
This is most likely a PHP parsing error and the log file will tell you where the problem is. Alternatively you might be able to set PHP to output errors to the screen via php.ini or httpd.conf if you can get access to those.