Thread

Hi.

I am trying to help someone with a site that has lingered on EE 1.5.2 for a long time…it’s been lacking some TLC…and recently has just started showing a blank screen on login, so it’s not possible to get into the EE dashboard.

Are there any common causes of this that I can look into?

The site was also recently hacked (or rather the google search results were infected with spammy pharma links). Which seems to have been resolved with an FTP password change.

Basically I know it needs an upgrade to EE2 and an overhaul, but it would be good to quickly fix this EE login prob so they can do some content updates.

The live site is running fine.

I have emailed the host to see they have done anything recently (upgrades, moves etc).

Also, if I try to upgrade them to EE2 from EE1.5.x can you tell me what they need to pay (they are a non-profit org).

Thanks!

Hello pieshop,

I am sorry to hear you are running into this problem.

The first thing to determine is if we can see an error. Please follow these directions and then report your findings, if you can. If you cannot login at all or there is no lingering login, this may not work.

Next step, you already did that! Contacting your hosting company to see if there have been changes. You get 10 points. I think something did change and if I had to guess, I would say PHP was upgraded.

The upgrade is $50 from 1.X to 2.X.

Please let me know if debugging works and if the host made any changes.

Cheers,

Hey Shane,

Thanks for the advice. I’ve checked with the hosts (well, the reseller) who says no changes there (no PHP upgrades etc).

And I can’t access the login screen to login and turn on debugging and stuff. I can access via ftp and change the config…but I’ve tried changing the debug from 0 to 1 to 2, but that has no effect.

I guess I need to just do the upgrade, unless you can think of any other ideas….?

I’m kind of avoiding the upgrade because I think it will break a few elements of the site that work via old plugins…

Thanks for any further help.

Hello pieshop,

I feel your pain.

This is no good. I would prefer we get your site back in working order before we upgrade. I hate using “upgrade” as an answer. No guarantee that an upgrade will fix it. If it does, then we are left wondering what on earth caused this! But then again, if you are on a time scale, backing everything up so you can roll back and then trying an upgrade might be worth it.

Without debugging and no server changes, I am not sure where else to look.

Can you check your config.php file and see what you have for the following?

$conf['require_ip_for_login'] = "n";
$conf['admin_session_type'] = "cs";

Thank you,

Hello Shane.

Your words are encouraging. I have hope…

For those two lines in config.php I have:

$conf['require_ip_for_login'] = "y";
$conf['admin_session_type'] = "cs";

Would that ip for login y instead of n make a diff? I’ll try it anyway…

$conf['require_ip_for_login'] = "y";

or

$conf['require_ip_for_login'] = "n";

No change, still can’t login…

Also, and this might get you thinking!..the site was hacked recently, prior to the blank login screen.

The google search results for the site name were infected with pharma spam links….ie the page title in the google results would be fine, but the description below would be spammy. The links still went off to the site correctly though.

I found some malicious looking code at the v.top of index.php, and took it out. I reappeared later, I took it out, it reappeared and so on. I got the site owners to change the FTP passwords (they run the site, not me, I’m just helping them out), and lo and behold, the malicious code stayed away. A few days later the google results were cleaner, though some spammyness still persists. I figured it would take time for the googlebots to crawl through and clean it up. But maybe something is still bad….. You can see yourself if you google ‘reefdoctor’.

Anyway, during this time I could login to the EE cpanel fine, and so could the site owners…it was maybe a week after everything seemed sorted that we got the blank login screen. I figured I needed to sort them out with an upgrade to EE2 after the hack, but now the priority is to try and just get the login back!

Anyway, I mention it incase it throws some ideas your way!!

Thanks again.

Hello pieshop,

What about file perms? Or can you upload a new index.php file with your changes? If the hack solution was just removing the offending code from the file, it would not hurt to check perms as well as freshen any files you can without losing changes. It’s just good practice after being hacked.

Can you give that a go?

Cheers,