EE page results in “Disallowed Key Characters”; RegExp failing on ‘$’ character in 3rd-party cookie string
Posted: 09 June 2008 03:40 PM
Summer Student

Sometime today we started having a problem with our web site.  Have not been able to reproduce it on demand.

When a user goes to the page http://www.pepboys.com, instead of getting the normal web site, they get a blank page with the following text:

cm_BITQ57B4DJdDB7RU1D$BQYe2Z4h

In the browser, using view page source, the above string is the only thing shown.

We are currently running ExpressionEngine 1.6.0 (I know it’s not current, but nothing has changed that I’m aware of).

Any ideas/thoughts?

Thanks

Posted: 09 June 2008 04:43 PM   [ # 1 ]
Moderator

pbyweb, that certainly sounds strange. Is it always the same string?

Posted: 10 June 2008 11:16 AM   [ # 2 ]
Summer Student

Yes it is always the same string.

We get the error when using IE6.  Haven’t been able to get the error to come up with IE7 or Firefox.

Posted: 10 June 2008 04:50 PM   [ # 3 ]
Research Assistant

Greetings pbyweb,

Have you checked to see if the core.input.php has been modified? It looks like an invalid key (note the $) and is being output instead of the normal ‘Disallowed Key Characters’. Please check the function on line 406 of core.input.php, and see if it has been changed at all to output the key.

Posted: 12 June 2008 10:37 AM   [ # 4 ]
Summer Student

I checked core.input.php and it has NOT been modified.

It seems that the problem is coming up more and more often.

Before it was only for users with IE 6.  But now users with Firefox get the page when using IE7 on the same PC doesn’t give the error.

We’ve gone through and had users clear out their cache and restart the browser.  No luck.

This started this past Monday.  Once a user gets the bad page, they’ll continue to get it.

Is it possible there is some bad data somewhere in the database that is causing this?

I will push the manager responsible for the site to upgrade from 1.6.0 to 1.6.3 so that we are more current.  Other than that, any other ideas/thoughts?

Here is the function from core.input.php:

/** -------------------------------------
/** Clean global input keys
/** -------------------------------------*/

// To prevent malicious users from trying to exploit keys
// we make sure that keys are only named with alpha-numeric text

function clean_input_keys($str)
{
    if ( ! ereg("^[A-Za-z0-9\:\_\/\-]+$", $str))
    {

        exit($str);

        exit('Disallowed Key Characters');
    }

    if ( ! get_magic_quotes_gpc())
    {
        $str = addslashes($str);
    }

    return $str;
}
/* END */

Posted: 12 June 2008 11:07 AM   [ # 5 ]
Moderator

Looks like it has been modified- probably by someone trying to figure out what was triggering a ‘Disallowed Key’ message.  See:

if ( ! ereg("^[A-Za-z0-9\:\_\/\-]+$", $str))
{

    exit($str);

    exit('Disallowed Key Characters');
}

That first exit is a modification- it prints out whatever key it is that would trigger the normal ‘Disallowed Key Characters’.  Which tells us- something is setting cookie/post/session variable w/ a key that triggers EE’s security.  Got to be set somewhere on your site- likely a cookie or session.  Talk to your server guy- any other software running that could be setting it?  Ad stuff?  Think I’ve seen some servers do it for some reason unknown to me.  But that’s definitely the issue.  Problem is, tracking down the source.

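One way to find which cookie trips the key check without echoing it to visitors, as an added example that is not part of the original thread and is not ExpressionEngine code. The function names and the sample header are constructed (only the `cm_...` key comes from this thread), and the pattern approximates the character set used in clean_input_keys().

```php
<?php
// Added example. Approximates the allowlist in clean_input_keys() with
// preg_match(), since ereg() was removed in PHP 7. The D modifier stops
// "$" from also matching just before a trailing newline.
const KEY_ALLOWLIST = '/^[A-Za-z0-9:_\/\-]+$/D';

// Split a raw Cookie request header into name => value pairs, so the
// names are inspected as the browser sent them.
function parse_cookie_header(string $header): array
{
    $pairs = [];
    foreach (explode(';', $header) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;
        }
        [$name, $value] = array_pad(explode('=', $part, 2), 2, '');
        $pairs[$name] = $value;
    }
    return $pairs;
}

// Return the cookie names the allowlist would reject.
function disallowed_keys(array $cookies): array
{
    $bad = [];
    foreach (array_keys($cookies) as $name) {
        // Cast: PHP turns purely numeric array keys into integers.
        if (preg_match(KEY_ALLOWLIST, (string) $name) !== 1) {
            $bad[] = (string) $name;
        }
    }
    return $bad;
}

// Constructed sample header: two ordinary cookies plus the key from this thread.
$header = 'site_pref=1; cm_BITQ57B4DJdDB7RU1D$BQYe2Z4h=1; PHPSESSID=abc123';

foreach (disallowed_keys(parse_cookie_header($header)) as $name) {
    // Record the offending key server-side; the visitor still gets only
    // the generic 'Disallowed Key Characters' response.
    error_log('Disallowed key in Cookie header: ' . json_encode($name));
}
```

On a live request the header would come from `$_SERVER['HTTP_COOKIE']`; logging the name rather than calling `exit($str)` keeps request-supplied text out of the response body.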
 
 
Posted: 20 June 2008 11:58 AM   [ # 6 ]
Moderator

Hi, pbyweb - did you still need assistance with this?

Posted: 17 August 2008 07:25 PM   [ # 7 ]
Moderator

Housekeeping- we good to close this one out, or is it still causing problems?

Posted: 23 August 2008 10:05 AM   [ # 8 ]
Lab Technician

For the record, this thread was a split from this original thread of the same name in “How To”. Most of the details of this whole issue are over there.

And, I think it’s safe to say that the “unsupported hacks” which were implemented solved the issue. Consider this one “case closed”, and thanks for the help.

ryan masuga

Posted: 24 August 2008 09:45 AM   [ # 9 ]
Moderator

Good deal, mdesign.
