All pages blank when viewed yet visible in dashboard

My webhost upgraded php to 7.2 minimum and I had to upgrade my concrete5 site to 8.5.5. However, bitcoin miner malware was discovered and I had to sweep it all out. Now I am able to login to my site and see all my pages on the sitemap. But anytime I try to view a page, either from the sitemap, the page navigator or as a user not logged in, I get a blank page.

I have cleared the cache and set the memory to 256m, but I still get blank pages. I even made a new install of 8.5.5 and connected it to a copy of the old database and still the same thing. Please help!

Are you getting any errors on the logs page?

Dashboard > Reports > Logs

No nothing. I also tried switching themes and setup my .htaccess for pretty urls. Still just blank pages when trying to view but everything looks intact from the dashboard.

I checked the database and in a table called btContentLocal all my writing is still there. So that’s a big relief!

If you would like someone to try to fix this for you send me a private message.
I will require access to your server to grab copies of the files and database to load to my dev server.

Likewise if you need me to fix this just drop me an email

hello@tm-designs.co.uk

1 Like

Okay, so I made a new install of 8.5.5 with sample data and everything looked fine. Then I pointed the new install at my old database and the problem was there: things look fine in the dashboard until I try to view a page and it comes up blank. Any ideas what could be in the database to cause this? Page views perhaps? I know all my content is still there because I can see it in phpMyAdmin.

Could be all sorted of things, but probably to do with the theme if the dashboard is fine. Try turning on the detailed debug and see if it throws up an error. Also look at the error logs to see what is happening

In phpMyAdmin look in the ‘Packages’ table and note the ones that are installed, next go to your ‘packages’ folder and make sure all those listed in the database are showing in your packages folder.

Looks like all you package files were in the public_html/concrete/packages folder. I moved the package folder into public_html/packages

You should never delete or move package files in the file manager, only remove them from the dashboard. Also you need to be very careful when moving stuff about in the file manager.

Thanks so much for this, it worked but it’s kind of weird. There’s no way I moved that directory. That damn php inject miner virus keeps coming back, I’m setting up a cron job to scrub my directory every hour. Thanks again, I can keep writing my book now!

1 Like

You are busy hiding the symptom. You need to focus on eliminating the problem, even if it is hard to track down. Consider that once inside your site there could be other and more dangerous malicious things going on behind the scenes.

I agree, I’m composing my question to Stacktrace now on how I can identify the process that keeps writing these malware files into my directories. Maybe I can create a new user, change ownership of all my C5 files and directories to it, then when new malware files get written they will stand out? All suggestions are welcome!

If the malware is within your user space, it will get the new permissions.
You could try setting all /concrete files and index.php to readonly, but that won’t cover all risks and still doesn’t resolve what is letting the malware loose in the fist place.

Also check your own PC. There could be malware on that inserting itself into the site when you login to check it.

My home machine runs linux and I did scan but found nothing. I’ll try the read only route. My cron job is quite simple and will buy me time to strike the root of evil.

The site you are working on fabs.eaware.ca is a subdomain (fabs) of eaware.ca.
eaware.ca is the TLD (top level domain), the TLD is infected with the malware as will be all other subdomains of the TLD.
You need to clean out the malware from eaware.ca and all the subdomains connected to it.

Oh I know, lots of people have had this problem and ended leaving their web host. I’m creating a special user who will own certain files like index.php and .htaccess, the evil process appears as my regular user so setting files to read only doesn’t help. I’m also writing a scrubber shell script that wipes out all the malware every few minutes. It’s fine to say find the source problem not just kill off the bad files and directories but from what I’ve seen so far, no one knows where the root of the evil resides.

Thanks everyone for your help. I was finally able to get rid of my server virus. The incident that started all of this was when my webhost dropped old versions of php and made 7.2 the minimum. Virus writers don’t update their code so that broke it all over the place.

Where I am now is my supermint theme is not compatible with php 7.2 and my site won’t load. Can I use phpMyAdmin to switch themes on the sly without C5 running?

There is a github copy, so you may find you can get that running or find someone who has a running copy for v8.

To remove, I would hack the package controller and page_theme.php to stub out everything that doesn’t do php7 and kill references to anything else in the package.

That will hopefully enable you to get to the dashbaord themes page and swap to Elemental, then to the addons page and uninstall supermint. A lot of content will become invisible (zombie) because Supermint has many area names that are not provided by Elemental.

You then need to install a new theme and recover content from the zombie areas. There is a marketplace addon that can help with that. Areas cleanup - concrete5

V9 will have equivalent capability built in.