phpMyAdmin apparently ignoring POST data, no error - mysql

I am running MAMP on my OSX dev environment, and it recently notified me that it could auto-update phpMyAdmin to version 4.6.5.2. I did so, and all seemed to be well, I was able to browse my databases as before.
Soon I learned that some things weren't working. When I take actions that use a GET request, such as clicking the Browse tab on a database, it works. When I do anything requiring POST, such as a Search, or an SQL query, it ignores the request and reloads the page, no error message appears on-screen.
No errors or warnings appear in my MySQL, Apache, or PHP log files. The problem occurs on all databases, and it's only affecting phpMyAdmin--other locally hosted sites accept POST requests as normal. I am able to read and write to the databases though other channels (e.g., command line, PHP scripts, etc).
Has anyone else encountered this?
Does anyone have an idea what might be causing it?
I'm currently trying to roll back the version, but I need to figure out how.

I have encountered the same. It looks like I have resolved the problem by clearing cookies. Also switching between different auth_type(http, cookie, config) modes in config.inc.php could help.

Related

Classic ASP response times varying extremely

I am working on a set of Classic ASP (VBScript) websites under different domains with 64bit Access (2013) database connection. Server is a shared Windows Server 2012 with IIS 8.5. The sites were not coded by me.
Everything seems to work fine for a time, but after several page calls (sometimes also at the first or only call to the site) the server does not respond for more than 20 to 30 seconds. This means: I can't call ANY page hosted on this server, even all other websites under different domains stop working for that time.
I am not sure, if plain HTML pages will respond, but it seems not. After such an issue everything is running fine again for various periods (up to 1 or 2 minutes), pages show up with normal response time, then this system hang repeats. And so on…
Finding the problem is extremely difficult, because all the sites on this shared hosting server could possibly cause this behaviour, it not necessarily seems to be triggered by my specific page call or subsequent calls, though it could be.
I am not sure, where to even look for the problem. I searched this forum and noticed some interesting answers, but not exactly to our problem. I tried Sysinternal's Process Monitor on a virtual server, where only one specific site is hosted and the same issues exists, but was not able to interpret most of the messages. I looked into event viewer log at this machine and noticed entries saying:
A trappable error (C0000005) occurred in an external object. The script cannot continue running.
But even if that sounds to be a possible reason, I am not sure where to look in the script or a log file, where I could find the trigger of all that. And on the shared host I don't even have the possibility to do that. On our local 'internal webserver' under Windows 10, where local copies of all the sites reside, I can. But I'm not sure, where to start my search.
Any help would be appreciated (and please don't needle me with proposals for switching to ASP.net or SQL - this is not possible at the moment).
I work with huge classic ASP application this error normally happens in a call for a Server.CreateObject('foo'). We have this kind of error here normally at the excel object when someone try to upload a very large .xls file. I would start mapping all the Server.CreateObject.

Site compromised: ZMEU attack

My site has been compromised with ZmEu attacks. In the logs I find suspicious user agents named - ZmEu.
The site returns 500 internal server error. There are no related error logs in the apache error log.
There are several dummy files all over in my server. I removed all of them.
But still the site is down.
What is the main target for such attacks?(What files are modified and how do I get them back?)
Where should I look to fix the issues?
If anyone has undergone such situation please give your advise.
update: Its wordpress site which is not working. There are other apps in sub directories which are working fine.
Thanks in advance,
You restore from a backup in this situation.
It will be tough to sort through and reverse everything 100%. The hacker could have even changed the modification times on the files, so you'll never be able to tell what has been accessed or not, without combing through every line.

Unwanted code being inserted into pages

Some of our ColdFusion sites are having the words "coupon" inserted into their footer with a link to another site. Is there anything I can do to prevent this? Is there any software I can run to help detect any vulnerabilities? It doesn't seem to be SQL injection as the databases seem fine and nothing unusual is showing up in the logs.
There are several variations of attacks that produce this sort of result (appending a link to some malicious or nefarious site). For example, this one (Script Injection) uses the latency between a file upload and checking to insert executable code on your server.
Other attack vectors include FTP (which is why you should not use it), or other file transfer protocols. In your case the infected machine may not be the server. It could be a client machine with access to the server - a developer who has set up FTP to the server for example.
Let me know if you need formal help - we have a good track record fixing this sort of thing. If you get more clues post them and I'll try to help. I will warn you that if this is a server infectionit is at the root level and is so pervasive your only option is to start with a pristine install and reinstall your code. Bad news I know - sorry :(
We had something similar happen when one of our servers was hit by the hack Charlie Arehart describes here:
http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat
Have you had these patches?
Another option that I would recommend is searching your site(s) for any use of the <cffile> tag that isn't expected. I had a customer that somehow got a single file that was a backdoor to their site. It was particularly dangerous because it could upload files to any location on the server as well as execute any SQL command against any datasource on the server. In other words, this single file opened the door to all of the sites and databases that were running on that server.
This backdoor file (which was named vision.cfm) was often used to update footers with links to coupon and spam sites. vision.cfm was only 210 lines of code.
The entire server had to be sanitized after this was discovered.

Websites running very slow

we have a vserver problem that started all of the sudden yesterday.
If you go to this Website:
http://www.rightsfreeradio.de
You will notice that it needs ages to load.
This happends to all websites we have running on the vserver.
I was asking the Provider if there is any problem with their connections, but they dont have any problems.
If I log in to FTP its running fast as usual
only all web based applications and websites are running very slow.
Running "top" shows that mysql takes like 70%+ on the CPU, but Iam not sure if thats normal or not.
Do you have any ideas what could be wrong with the server?
What programming standards are you using. I opened link but did not open it.
Either there may issue with server. Or another cas is:
Check any js, css file taking time to load
Put unncessary imported files at the end of body tag
On load are you calling any function which may be prone to deadlock getting blocked?
Make sure to use HTML Validator to correct your HTML etc.
Also make sure all scripts are working fine or to debug. Take off all the script files imported and go from there.
Link doesn't open at all.
first, I suggest you to restart all service on your server and then:
check mysql error log as you say above
tail -f /var/log/mysql.log
and then, check your databases
mysqlcheck -Aor
and you can follow this link bellow
Show top five CPU consuming processes with ps

Database Move Resulting in Blocked IPs?

I'm totally baffled by a recent problem I'm encountering. I've moved the MySQL database of a WordPress site from one server to another. After this, my client reports that they cannot access their site from their offices, but can access it anywhere else.
I've told them to clear cache, history, cookies, etc. No luck. Site just doesn't work in their office and works fine when they are anywhere else. They continue to receive timeout errors.
Site is visible to me on any browser, logged in, or logged out.
Could this be related to the database move? Is this is an unrelated issue that just happened to coincide with this database move?
Your help would be appreciated as I'm dumbfounded.
Check the hosts files or firewalls on the PCs that can't get to the site.
If they can get to the site away from the office, check the routers at the office.