Thread

Over the holiday, I realized that the Pharma hack had been inserted into 6 of my websites (hosted on Dreamhost) thanks to an FTP backdoor.  My EE2 site was one of the hacked sites.  To solve the hacking problem, I copied my directories, deleted everything from my public www directory, and reinstalled from scratch.

However, now there’s funky behavior.  I’ve added an .htaccess file that includes the “remove index.php” code.  I noticed that some of my links abide by the rule, and others don’t.  I’ve been unable to figure out the rhyme or reason behind the problem.

Does anyone have any insights into how to figure out why some templates are following the htaccess while others are not?

Any help would be GREATLY appreciated!!

-Brian

Hi brianfrick,

After you resolved the Pharma hack was your site working correctly? Which .httaccess code are you using. Is it the same as below which is from the docs?

<IfModule mod_rewrite.c>
      RewriteEngine On

      # Removes index.php
      RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule ^(.*)$ /index.php/$1 [L]

      # If 404s, “No Input File” or every URL returns the same thing
      # make it /index.php?/$1 above (add the question mark)
</IfModule>

Sean

Hi Sean,

The htaccess file does contain what you mentioned above.  I’m wondering if changing all of the php files to 600 might have something to do with it (although it shouldn’t, because php is server-side and shouldn’t need to be group- or all-readable).  I’ve checked permissions per the installation requirements, i.e., cache is 777, database and config are 666.  I’m loathe to allow any image directories to have 777 permissions because the pharma hack used those directories for hiding some of the scripts.  Do they have to be 777?

More information:  it seems that only links that are generated with

{title_permalink='template_group/template'}

{path="template_group/template"}

{site_url}

{site_url}contact

{site_url}template

files are in other template groups and work fine.

In addition, normal redirects per htaccess also fail.

The problem began after I reinstalled the EE2 code from the download.  In order to eliminate all possible hacks, I reinstalled everything from verified sources.  This is the first time I’ve had an issue with reinstalling and/or upgrading EE2.

I hope this helps!

One more note:  I removed “index.php” from Admin -> General Configuration -> Name of your site’s index page, and it fixed all issues except for the general redirects and the {site_url}contact issue I’m having.

I’m baffled.

Using php 5.3.5 with EE 2.3.1. 

URL to the site is www.homedialysis.org.

Some of the links render correctly, others do not.  It seems that .htaccess is being ignored somehow, in addition to URLs not rendering properly.  An example of an improperly-rendered link occurs here:

http://www.homedialysis.org/sponsors/show/satellite_wellbound

If you view the source, you’ll notice that in the form, the URL renders as

<form class="form" method="post" action="http://www.homedialysis.org/sponsors/show/{url_title}">

<form class="form" method="post" action="http://www.homedialysis.org/sponsors/show/satellite_wellbound">

The code for that line in the template that creates this page is

<form class="form" method="post" action="{site_url}sponsors/show/{url_title}">

so the site url correctly loads but the url title, which is a field I created for this template, does not.

What’s the general response time for help questions via the EE2 boards? 

Thanks!

Brian,

I just looked at your site and the form you linked to. The link appears to be working correctly now. Have you resolved this issue? Is there anything else you need help with?

Sean