Icy Phoenix

Old Support Topics - Headers Already Sent.

Vortex [ Tue 11 Sep, 2007 16:17 ]
Post subject: Headers Already Sent.

When I try to login i got a blank page with:

Quote:
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home58a/sub001/sc20402-TGHZ/www/config.php:19) in /mounted-storage/home58a/sub001/sc20402-TGHZ/www/includes/sessions.php on line 315

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home58a/sub001/sc20402-TGHZ/www/config.php:19) in /mounted-storage/home58a/sub001/sc20402-TGHZ/www/includes/sessions.php on line 316

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home58a/sub001/sc20402-TGHZ/www/config.php:19) in /mounted-storage/home58a/sub001/sc20402-TGHZ/www/includes/sessions.php on line 315

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home58a/sub001/sc20402-TGHZ/www/config.php:19) in /mounted-storage/home58a/sub001/sc20402-TGHZ/www/includes/sessions.php on line 316

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home58a/sub001/sc20402-TGHZ/www/config.php:19) in /mounted-storage/home58a/sub001/sc20402-TGHZ/www/includes/functions.php on line 1499

What could the problem be?

PS: I did clear cache, I'm using XS0.58b, was going to update, but i encountered this problem -.-'

Vortex [ Thu 13 Sep, 2007 15:39 ]
Post subject: Re: Headers Already Sent.

I replaced all files, testing the site with a phpbbxs vanilla's files, with the config.php backup and the normal database.

Same problem at login. Site was closed, i put "0" on the board disable database field via phpmyadmin, but the site remains closed :shock:

How is it possible? Any help?

Vortex [ Thu 13 Sep, 2007 17:24 ]
Post subject: Re: Headers Already Sent.

Solved.

MG, no need to destroy everything... :mrblue: I just found the bad scripts and eliminated them. Then I cleared /includes folder's infected files replacing them with original ones.

I took a look at that login.php I talked you about... the script was a phishing one, composed of 2 files: 1 html clone login page and 1 php mail script that generated the phishing mail. The HTML line in every file I don't know, maybe another spam added after the first attack, I don't think is linked to the phishing script.

For those of you who wanna see the bad script, just ask.

Just a question, MG or whoever can answer: the attack put two new files in my root... so as far as I can think with my few acknoledgements: that is not an XS security hole, but is hosting's security's fault, right? Should I get angry with 'em? :evil:

buzzy84 [ Thu 13 Sep, 2007 18:47 ]
Post subject: Re: Headers Already Sent.

Vortex wrote: [View Post]
Solved.

MG, no need to destroy everything... :mrblue: I just found the bad scripts and eliminated them. Then I cleared /includes folder's infected files replacing them with original ones.

I took a look at that login.php I talked you about... the script was a phishing one, composed of 2 files: 1 html clone login page and 1 php mail script that generated the phishing mail. The HTML line in every file I don't know, maybe another spam added after the first attack, I don't think is linked to the phishing script.

For those of you who wanna see the bad script, just ask.

Just a question, MG or whoever can answer: the attack put two new files in my root... so as far as I can think with my few acknoledgements: that is not an XS security hole, but is hosting's security's fault, right? Should I get angry with 'em? :evil:

With which service of hosting it has appened?

Vortex [ Thu 13 Sep, 2007 19:00 ]
Post subject: Re: Headers Already Sent.

buzzy84 wrote: [View Post]

With which service of hosting it has appened?

www.servage.net

Cheap and quite good for little sites, but very slow with large databases... :( I am planning to leave it as soon as I have time to do the transfer.

Mighty Gorgon [ Mon 17 Sep, 2007 01:42 ]
Post subject: Re: Headers Already Sent.

Vortex wrote: [View Post]
Just a question, MG or whoever can answer: the attack put two new files in my root... so as far as I can think with my few acknoledgements: that is not an XS security hole, but is hosting's security's fault, right? Should I get angry with 'em? :evil:

Unless you have a log which can demonstrate this, you cannot say for sure.

I don't use XS since one year... and I can't remember how many security holes I've fixed so far.