Civfanatics problems

Something I don't want to do: I disabled all plug-ins for the forums (including things like our anti-spam measures). So... might be a dodgy plug-in that is causing the problem. This does give me a pointer to the problem - I know that the tapatalk plug-in pushes a cookie, so might upgrade that to the latest version and see if it helps.
 
Well, fix isn't finished.
When I clicked on the email spawned from your post above, the page failed to load. No error message. [note, the problem had this symptom previously - load failure without error message; I hadn't mentioned that before].
Tried it twice in IE and in FF and both failed.

:sad:
 
All clicks on the email resulted in the error message
Unable to add cookies, header already sent.
File: /usr/local/etc/httpd/forums.civfanatics.com/includes/init.php(298) : eval()'d code
Line: 156

note
When I first had the problem, I cleaned up my cookies and changed my settings: I now accept direct cookies, but am asked about third party cookies. I always block, and blocked automatically when one came up just now. It was something like ambr.net, but I didn't think to note it before clicking block.

EDIT, going off line now. :sleep:
 
I use the Google toolbar search and just discovered this site was being blocked by the pop up blocker. Click 'more' on the toolbar and unblock. Not sure how this came to be as it was OK before update to IE11. I do not usually use the IE search at the top and that is why I was able to get access before. Anyway solved now.

Hope this helps anyone with problem still.
 
I get a few malware indications from my anti-virus on my PC because of some of the "ads" listed on CFC (but not always). Since I updated my virus scanner it doesn't give me the problem any longer; that is why there is a lot of this confusion lately. I am trying to get a picture of the ad that causes this, but haven't been successful lately; this happened about 7-9 months ago when this started. BTW, I use Firefox withOUT any problems.
 
This is definitely a site hack. The error message is because once you've started sending the webpage contents to the user, you can't go back and set cookies and such. In vBulletin, various things are processed, including cookies, before any of the webpage is sent. But if someone hacks one of the vBulletin files to output something to the user before all of those things are taken care of, PHP will throw a minor fit and produce that error message.

The offending script probably only does something some of the time (possibly randomly, possibly based on your referrer, possibly based on whether you're logged in, etc.), which is why it's difficult to reproduce.

But anyway, for the administrators:

The first thing to do is check your site for the uploaded third-party scripts that are mentioned in this error message. If you get the error message and view source, you'll see at the very very top that an extra <script> tag appears there, referring to a script at "/uploads/13335/swfobject.js". Delete that script, first and foremost. (You could also replace it with an empty file and set the permissions to read only.)

Next, that line is being inserted because one or more vBulletin files was modified at some point. Which one it is can be difficult to tell, but I would check "/includes/init.php" first, since the error message mentions it. If you don't find anything there, and you have access to file modified dates, then the file in question will have a very recent modification date.

Most likely, the change to the file will be at the very top or bottom. It may just insert that exact line of HTML verbatim.

There may be changes to multiple files. It may be worth copying over the entire vBulletin installation with a fresh one to fix all of these changes en masse. If you've installed a lot of plugins, these should be reinstalled as well. Backup your MySQL database first. Don't forget to delete the /install directory when you're done.

For safety's sake, I would recommend setting permissions to read-only on the / and /includes directories and their contents, since those are where these hacks tend to land. I personally don't know whether these hacks are the result of a vBulletin vulnerability, or if there's some hack on your shared hosting provider caused by a vulnerability in someone else's site (or the provider generally) that gives the attacker access to all the shared sites on the server. (I've had similar problems on forums I've managed and the best I could do was set various directory/file permissions to read-only.)

Oh, BTW, eventually Google may figure out that your site is hacked and add a "potentially dangerous" note to all of your search results. Don't let that happen - get this problem nailed down ASAP.

Best of luck!
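The file checks suggested in the post above, as an added example that is not part of the original post or of vBulletin: it walks an installation and reports `.php` files that contain the injected script path, emit output outside the PHP tags (the cause of "header already sent"), or were modified recently. The function names and the 30-day window are assumptions, and the checks are heuristics.

```python
import os
import sys
import time

# Marker taken from the post above: the injected <script> tag points here.
MARKER = b"/uploads/13335/swfobject.js"

def inspect_php(path, now=None, recent_days=30):
    """Return the reasons (possibly none) this PHP file looks tampered with."""
    now = time.time() if now is None else now
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if MARKER in data:
        reasons.append("references injected script")
    # Any byte ahead of the opening tag is sent to the browser before the
    # forum sets its cookies, which is what triggers the error message.
    if not data.startswith(b"<?php"):
        reasons.append("output before <?php")
    # Text after a final closing tag is emitted verbatim as well.
    end = data.rfind(b"?>")
    tail = data[end + 2:] if end != -1 else b""
    if tail.strip() and b"<?php" not in tail:
        reasons.append("output after closing ?>")
    if now - os.path.getmtime(path) < recent_days * 86400:
        reasons.append("recently modified")
    return reasons

def scan_tree(root, now=None, recent_days=30):
    """Walk root and map each suspicious .php file to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                reasons = inspect_php(path, now, recent_days)
                if reasons:
                    findings[os.path.relpath(path, root)] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(scan_tree(root).items()):
        print(rel, "->", ", ".join(why))
```

A modification date can be reset by whoever changed the file, so a diff against a fresh copy of the same vBulletin version remains the stronger check.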
 
Thanks! I'll try your suggestions.

For some users, they get it every time. I can't replicate it at all, which makes it damned hard to diagnose, but the script name you've given is a great pointer. I figured that if some get it 100% and I don't, it could be one of the location based ads (we've had similar before) but that wouldn't point to something in our uploads directory.
 
I don't know if this is related or not. This -only- happens in Opera 18 for me, but whenever I go to http://forums.civfanatics.com manually or click on the root link in the "Civilization Fanatics Forum > CIVFANATICS > whatever..", I get a totally blank page. View source just shows...

Code:
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

I honestly assumed this was just an Opera failing as it never occurs in any other browser, but after reading this thread, I thought I should at least mention it. Once I am in a sub-forum part of the forum, I can navigate just fine.
 
This probably isn't the result of one of the location-based ads throwing a fit, because the offending script is locally hosted, as is the SWF (which is named as a JPG but actually contains a SWF file). Also, if it were a location-based ad causing the problem, it wouldn't generate this error, because those ads are loaded as the result of the user's browser fetching them after fetching the page itself (i.e., after all the cookies are taken care of).
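A check for the disguise described in the post above, as an added example that is not part of the original post: it compares the leading bytes of every image-named file under an uploads directory with what its extension claims, so a SWF saved as a JPG is reported. The function names and the set of extensions covered are assumptions.

```python
import os

# Leading bytes of the formats involved. SWF files start with FWS
# (uncompressed), CWS (zlib-compressed) or ZWS (LZMA-compressed).
SIGNATURES = {
    "swf": (b"FWS", b"CWS", b"ZWS"),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}

def sniff(path):
    """Identify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for kind, magics in SIGNATURES.items():
        if head.startswith(magics):
            return kind
    return "unknown"

def mislabelled_uploads(root):
    """Map each image-named file whose content is not that image type
    to a (claimed, actual) pair."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            claimed = EXTENSIONS.get(os.path.splitext(name)[1].lower())
            if claimed is None:
                continue  # not named as an image; out of scope here
            path = os.path.join(dirpath, name)
            actual = sniff(path)
            if actual != claimed:
                findings[os.path.relpath(path, root)] = (claimed, actual)
    return findings

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, (claimed, actual) in sorted(mislabelled_uploads(root).items()):
        print(f"{rel}: named as {claimed}, content is {actual}")
```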
 
I still have the problem.
In both IE and firefox.

Could there be something at the users end as well?
 
Great!

@Dachannien: thanks for your help. I really needed someone who could explain the specific problem, and tell me what to look for. As noted, I couldn't replicate it, nor find any changed files, so I was flying blind. :goodjob:

FWIW, I'm getting the error any time I try to link to the site through a google result. When I visit the site directly, I'm okay.
 
Happy to help :)

Deleting that script (the one in the uploads/13335 directory or whatever it was) will at least keep people from getting redirected to the malware site in question, because they will never be able to load the offending SWF file. But people might still have problems with getting that error message, at least until you find the modified files and fix them. And there's still the question of how those files got changed in the first place - until that's fixed, there's nothing stopping whatever script kiddie from reinfecting the site and causing the problem all over again.
 
Just got the message

Unable to add cookies, header already sent.
File: /usr/local/etc/httpd/forums.civfanatics.com/includes/init.php(298) : eval()'d code
Line: 156

for the first time (in Firefox). Restarted the browser and this time CFC loaded.
 