Urgent - Bring Website out of maintenance mode
Permalink
I brought a Website down this morning for maintenance to clean up some malicious code which was added to every PHP file. After cleaning and re-uploading, I am trying to bring it out of maintenance mode, but when I click on the Dashboard -> Sitewide Settings -> Access link, it just displays the info from the Dashboard -> Sitewide Settings -> General, even though the URL ishttp://www.mywebsite.com/index.php/dashboard/settings/set_permissio... the links to the other tabs (Email, Debug, etc...) within the Sitewide Settings still work, just not the Access tab.
I would really like to get this Website back live... anybody know how I can go about this?
I would really like to get this Website back live... anybody know how I can go about this?
Check your file permissions Make sure you can execute your php files.
I did change the file and folder permissions between the time I put it into maintenance mode and when I tried to take it back out of it, so you are probably on target with that suggestion. Do you know which folder and/or files I need to modify the permissions of?
go to your concrete folder and change all to 755 make sure index.php in the root is also 755
I've done that, but still can't access the Access page. Any other thoughts?
try going to mywebsite.com/index.php/dashboard/settings/set_permissions/maintenance_disabled/
I appreciate the suggestion - that gives me the same results, which is the URL shows that address, but the page still only loads as if I was on the General tab of Sitewide Settings.
but does the page come out of maintenance mode?
No, still displays the Coming Back Soon message. I cleared the cache as well - same message and no access to Sitewide Settings -> Access.
Can I workaround this by modifying a table in the database so I can just get the Website back up and live until I figure out the permissions thing?
at this point it may be something more serious. can you restore a backup ? what do you have access to ? what get displayed when you try to visit site.
I can navigate around the dashboard area without issue, except for the Sitewide Settings -> Access tab. The public part of the Website displays the "Coming Back Soon - This site is currently down for maintenance" from when I put it in Maintenance Mode.
whats in the file at root/concrete/single_pages/dashboard/settings/acccess? and the controller version of that file?
I appreciate the continued support on this...
I don't have a folder called access at that spot. Under the root/concrete/single_pages/dashboard/settings there is only a mail folder and a marketplace.php and a view.php file.
Under root/updates/concrete5.4.2.1/concrete/single_pages/dashboard/settings I only show a mail and a multilingual folder, with a marketplace.php and a view.php file.
I don't have a folder called access at that spot. Under the root/concrete/single_pages/dashboard/settings there is only a mail folder and a marketplace.php and a view.php file.
Under root/updates/concrete5.4.2.1/concrete/single_pages/dashboard/settings I only show a mail and a multilingual folder, with a marketplace.php and a view.php file.
there's no file like that in those directories. Do you know where it could be located? Does anyone know where thehttp://www.lbgf.org/index.php/dashboard/settings/set_permissions/... file is located? I can't access this thing and it's urgent.
Thanks.
Thanks.
Sounds like your site is forcing maintenance mode. If you upload this file attachement to your webspace as [site root]/tools/make_live.php and then visithttp://yoursite.com/index.php/tools/make_live/... and your site will go out of maintenance mode. For whatever reason just changing "SITE_MAINTENANCE_MODE" in the Config table doesn't do the job.
That worked - Thank you so much!
Cool, no problem. You probably want to remove that file from your site, but keep it around for safe keeping.
Hey Greg,
My site wasn't even in maintenance but the problem I'm having is that I can't even access the set_permissions page itself even though the correct URL is in the browser. So you seehttp://www.lbgf.org/index.php/dashboard/settings/set_permissions/... in the URL but the page contents re-directs back to thehttp://www.lbgf.org/index.php/dashboard/settings/... page. I need to access the permissions so I can set permission for some groups I created. Would you happen to have a fix?
Thanks.
My site wasn't even in maintenance but the problem I'm having is that I can't even access the set_permissions page itself even though the correct URL is in the browser. So you seehttp://www.lbgf.org/index.php/dashboard/settings/set_permissions/... in the URL but the page contents re-directs back to thehttp://www.lbgf.org/index.php/dashboard/settings/... page. I need to access the permissions so I can set permission for some groups I created. Would you happen to have a fix?
Thanks.
Hi Kehnee,
Are you having problems accessing any other dashboard pages? It's just a second level page, all the functionality for it is in concrete/controllers/settings/controller.php and the view is the concrete/single_pages/dashboard/settings/view.php file. Are you able to access other second-level pages on your dashboard?
Are you having problems accessing any other dashboard pages? It's just a second level page, all the functionality for it is in concrete/controllers/settings/controller.php and the view is the concrete/single_pages/dashboard/settings/view.php file. Are you able to access other second-level pages on your dashboard?
Hi Greg,
Yes I can access second level pages. The only one I can't access is the set_permissions access page (forgive the pun).
Every other tab in the Sitewide Settings work EXCEPT the set permissions tab.
It's so frustrating.
Please help.
Yes I can access second level pages. The only one I can't access is the set_permissions access page (forgive the pun).
Every other tab in the Sitewide Settings work EXCEPT the set permissions tab.
It's so frustrating.
Please help.
Have you tried refreshing the page from pages and themes? You can try this from "Pages and Themes > Single Pages". You should be able to scroll down on that page to find "Sitewides Settings", it will have '/dashboard/settings' as the address and you can click the "Refresh" button on the right to see if you get the other page back.
Hi Greg,
Thanks for responding.
I just tried that and it didn't work.
The funny part is that I can access the same page (access tab on Settings) on another C5 website on the same host company. I have no issues at all with that one but this.
I need to fix this ASAP as I have a client meeting coming up by the weeks end.
Any further guidance will be greatly appreciated.
Thanks again for all your help so far.
Thanks for responding.
I just tried that and it didn't work.
The funny part is that I can access the same page (access tab on Settings) on another C5 website on the same host company. I have no issues at all with that one but this.
I need to fix this ASAP as I have a client meeting coming up by the weeks end.
Any further guidance will be greatly appreciated.
Thanks again for all your help so far.
Did you fix it already and if so how did you fixed it?
I'm having the same issue and after weeks I still don't know how to fix it
I'm having the same issue and after weeks I still don't know how to fix it
Hi Greg,
No I haven't fixed it and it's really a pain trying to troubleshoot.
Please let me know if you find a solution.
In the meantime, does anyone know how we can get this fixed please???
No I haven't fixed it and it's really a pain trying to troubleshoot.
Please let me know if you find a solution.
In the meantime, does anyone know how we can get this fixed please???
Hi kehnee,
I've just encountered exactly the same problem as yours, after I had upgraded to v.5.4.2.2.
Have you already solved the problem? If so, I really appreciate if you can give a quick update of this thread.
Thanks.
I've just encountered exactly the same problem as yours, after I had upgraded to v.5.4.2.2.
Have you already solved the problem? If so, I really appreciate if you can give a quick update of this thread.
Thanks.
Hi Bunjack,
No! I still haven't fixed it. Please let me know if you find any solution.
No! I still haven't fixed it. Please let me know if you find any solution.
WOW!
I'm new to Concrete 5 and this just saved my Butt!
I would have had to Wipe my install and do it again,
Luckily I am just playing around for now.
Thanks for the Info!!!!
I'm new to Concrete 5 and this just saved my Butt!
I would have had to Wipe my install and do it again,
Luckily I am just playing around for now.
Thanks for the Info!!!!
can I ask you how the malicious code was added to the page?
a concrete5 exploit or something else? (for example: wordpress in the same site)
a concrete5 exploit or something else? (for example: wordpress in the same site)
Every time I've seen this, compromised FTP passwords were to blame.
If you've got an FTP client with a saved password, and you get some malware on your computer, the malware can harvest everything its author needs to connect and start spreading bad code. Scripts will often just hit every file with a php or html extension.
Best practice is to keep your passwords separate from your programs and take whatever steps necessary to keep malware at bay.
If you've got an FTP client with a saved password, and you get some malware on your computer, the malware can harvest everything its author needs to connect and start spreading bad code. Scripts will often just hit every file with a php or html extension.
Best practice is to keep your passwords separate from your programs and take whatever steps necessary to keep malware at bay.
oh, i did not think about that!
thanks for the hint!
i use keepass but sometimes i save the password in the programs, malware can upload the (most of the times unencrypted) password file and decode it for profit
thanks for the hint!
i use keepass but sometimes i save the password in the programs, malware can upload the (most of the times unencrypted) password file and decode it for profit
>MattWaters
In my case, I did not see any code added to php files. I deleted entire /concrete folder and uploaded a fresh copy. It works well now.
Apparently, some php files were not overwritten correctly when I upgraded from 5.3 to 5.4.2.2.
There was an another problem after the update.
I couldn't use "users & groups" functions because of a "Fatal error" in php.
The discussion below seemed to indicate that some codes of previous version in conflict with new ones cause the problem.
http://www.concrete5.org/community/forums/installation/cannot-use-s...
I scanned my PC with my anti-virus software, but I'm not sure it's 100% free from malware. So I will stick to the safe practice. Thanks for your heads-up.
In my case, I did not see any code added to php files. I deleted entire /concrete folder and uploaded a fresh copy. It works well now.
Apparently, some php files were not overwritten correctly when I upgraded from 5.3 to 5.4.2.2.
There was an another problem after the update.
I couldn't use "users & groups" functions because of a "Fatal error" in php.
The discussion below seemed to indicate that some codes of previous version in conflict with new ones cause the problem.
http://www.concrete5.org/community/forums/installation/cannot-use-s...
I scanned my PC with my anti-virus software, but I'm not sure it's 100% free from malware. So I will stick to the safe practice. Thanks for your heads-up.
yoursite.com/login
