Illegal use of $_SERVER error

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Illegal use of $_SERVER error

Post by ErikMouse »

Support Request Template
What version of phpBB are you using? phpBB 3.3.11
What is your board's URL? https://www.kingdommythica.info
Who do you host your board with? HostGator
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Update from a previous version of phpBB3
Is registration required to reproduce this issue? No
Do you have any MODs installed? No
Do you have any extensions installed? No
What version of phpBB3 did you update from? phpBB 3.3.11
What styles do you currently have installed? ProSilver
What language(s) is your board currently using? English
Which database type/version are you using? I Don't Know
What is your level of experience? New to PHP and phpBB
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? No answer given
Please describe your problem. No answer given
Generated by SRT Generator

Hi, I have been trying to get an issue where SiteLock on my hosting sent me an e-mail saying there is Malware Detected on kingdommythica.info and recently every time I go there, it is asking me to download index.php or some other weird file name. And I have been in chat contact with someone from HostGator trying to get this fixed because this is outside their phone support. So far I have gotten to where it site loads without asking me to download a file, but is now it is this General Error.

Code: Select all

General Error
Illegal use of $_SERVER. You must use the request class to access input data. Found in /home2/kingmyth/public_html/kingdommythica/includes/hooks/index.php(2) : runtime-created function on line 1. This error message was generated by deactivated_super_global.

Please notify the board administrator or webmaster: erikmouse
They are now telling me the issue is with the script please contact your web developer to resolve it for you, but I told them that I originally installed the phpbb forum, but now I have been disconnected. Now I may have to call them tomorrow if no one here knows how to fix this as I think my forum may have gotten defaced by a hacker, even though I have the latest 3.3.x forum installed.
Last edited by ErikMouse on Sun Dec 03, 2023 9:24 am, edited 1 time in total.
5hocK
Registered User
Posts: 3139
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: Illegal use of $_SERVER error

Post by 5hocK »

You'll be asked to fill out a support request form. Better to do it first and add it to your post ;)
https://www.phpbb.com/support/srt/
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

5hocK wrote: Sun Dec 03, 2023 9:16 am You'll be asked to fill out a support request form. Better to do it first and add it to your post ;)
https://www.phpbb.com/support/srt/
Okay, I just did that with what I can remember from the forums when it was working right.
5hocK
Registered User
Posts: 3139
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: Illegal use of $_SERVER error

Post by 5hocK »

ErikMouse wrote: Sun Dec 03, 2023 7:42 am What is the most recent action performed on your board? Update from a previous version of phpBB3
What version did you update from and how did you update?
Check in your hosts' control panel and see which PHP version you're using.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

5hocK wrote: Sun Dec 03, 2023 9:30 am
ErikMouse wrote: Sun Dec 03, 2023 7:42 am What is the most recent action performed on your board? Update from a previous version of phpBB3
What version did you update from and how did you update?
Check in your hosts' control panel and see which PHP version you're using.
Well, someone from here helped me update from a 3.0.* version in the past to the version it is now and it had been fine for months, so I don't think it was an update that did it. Sometime recently, I started asking if I wanted to download index.php or some other recent file in every browser on multiple computers and I'm not sure what happened.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26677
Joined: Fri Aug 29, 2008 9:49 am

Re: Illegal use of $_SERVER error

Post by Mick »

If your board has been hacked or you think it has, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the Support Toolkit, etc.):
  1. Save an archive file comprising copies of all the files (this can be done by creating a zip or tarball of the files).
  2. Save a copy of the database.
  3. Save the server access logs for the time of the hack (they may be available in the logs directory on the server, in your hosts control panel or only by request directly from your host).
  4. File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download.

    Please do not start a new topic on the board, the proper place for incident reports is the tracker.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel©
🇬🇧
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

Well, I just got a email response from the host now saying the following and I'm going to have to come back tomorrow to take a look at the scan report to see what they are. I don't know how this happened, but its starting to sound like something got hacked. I'm going to have to try to figure out and try the instructions that Mick had mentioned to send everything in so they can try to figure out how this happened and what can be done to fix this. This is really annoying.
Thank you for getting back to us.

As a courtesy I have scanned your account and I could see that currently your account has infected files present in them. I would strongly suggest you delete all the infected files below:

You can also view the entire scanlogs at FileManager: /home2/kingmyth/scanreport.txt
Once you have taken steps to remove the phishing, please reply back to this email to request a security review.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26677
Joined: Fri Aug 29, 2008 9:49 am

Re: Illegal use of $_SERVER error

Post by Mick »

Some hosts make me chuckle at times, it sounds to me like they’re trying to blame you when the majority of the time it’s their security that’s letting you down.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel©
🇬🇧
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

Mick wrote: Sun Dec 03, 2023 10:31 am Some hosts make me chuckle at times, it sounds to me like they’re trying to blame you when the majority of the time it’s their security that’s letting you down.
Right now, I was able to get a hold of a scan log and download it, and now attempting a site backup to submit to the bug tracker, but it is refusing my access to the bug tracker. I'm about ready to provide someone with my username and password for the site where my forum is to anyone willing to go in and try to fix it.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26677
Joined: Fri Aug 29, 2008 9:49 am

Re: Illegal use of $_SERVER error

Post by Mick »

The tracker should let you log in with the credentials you use here, I’ve just logged in myself so it is working.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel©
🇬🇧
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

Mick wrote: Sun Dec 03, 2023 10:57 am The tracker should let you log in with the credentials you use here, I’ve just logged in myself so it is working.
I'm trying, but it is refusing to let me login and I'm using the same username and password there as here.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

In the meantime, the backup I was able to get and download as a tar.gz is over a GB in size.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

Okay, I just called HostGator again and got a hold of someone. I told them what is going on and had escalated it to an emergency restore from a backup they have from November 30th because of all the infected files that were found. I do have a backup of everything from the site have recently got over an hour ago, so I can still provide that for the bug tracker, if I can even get into it, to find out what happened.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Illegal use of $_SERVER error

Post by ErikMouse »

Well, I'm still waiting to hear anything from HostGator and I had tried to call again, but now they claim they cannot find my account when I do have an account there. I'm getting very annoyed now with this.

Return to “[3.3.x] Support Forum”