Something Went Wrong Message plus new need for ?page= for links

Our websites were recently hacked, and I have been putting them back together. This morning, this message popped up at https://www.BCphotoadventures.com/?page=in-the-news/.

And I now have to add “?page=” for my links to work.

https://www.BCphotoadventures.com/Errors/TurningGateErrorMessage.png

Any thoughts?

Thank you, I hope,

TBC

Our .htaccess file resolves URLs. You need to get the original .htaccess file from the Backlight ZIP.

Thank you, Matthew, but I cannot find this file. Could you send me a link? I went to The Turning Gate and could not find it. Or, if you just give me the code, I can make sure it is what should be in the file I have.

It’s inside the unzipped Backlight-Installer-xxx folder

Thank you. There are still two issues.

In order for my page links to work, I have to add ?page= before each one. Thus,

https://www.BCphotoadventures.com/calendar/ does not work and defaults to the home page, but adding the above text does, as in https://www.BCphotoadventures.com/?page=calendar/

It is inconvenient, but I can deal with it unless someone has a brilliant solution. This is not true with the fine art site at, for example, https://www.bc-fineartphotography.com/book, although neither link version works from this forum.

I have added what I hope is the latest .htaccess file modified 09-30-20 to the root directory of my website as well as the root of the backlight folder. There is a MUCH smaller version that is in the other folders.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The second issue is that my cart does not work. People log in, add to cart that will take them to the PayPal page, they select the correct item, and do the normal button at the bottom right, and then, instead of the “Thank you” message, get dumped back into the add to cart page, and nothing goes through on the PayPal side.

I am hoping Matthew, Dan, or others can help with this one.

Thanks, I hope, in advance,

TBC
https://www.BCphotoadventures.com/

And I should make sure that every folder that should have that smaller htaccess file has it and ditto for the larger file. Remember, a nasty hacker slithered in through a php file, so I want to make sure I get it right!

Again, thanks,

TBC

When you unzip the downloaded installer, there’s a .htaccess file inside. If you don’t see it, then you need to enable display of hidden files within your file system, or within your FTP client.

Copy that file to your website, as in our install docs. It only needs to be copied to one place.

After that, go into Backlight’s admin. Visit the Backlight Modules page and press the button to re-install all modules.

Visit the main admin page, and click the three Special Links:

Update Album Files
Update Backlight Index Files
Clear Template Cache

Report back whether that solves it for you.

Thank you, Matthew. When our websites were hacked, the hacker’s automatic programs accessed the sites through some php file(s). I have since gotten rid of almost all of the php files (NOT the ones within the backlight Custom folder, but all the ones associated with the old Dreamweaver site), so, I obviously don’t want to risk that happening again, as it took the better part of four days, between my server guru and me to put it all back together again. Another thought was that the hackers may have accessed it through an old form file.

Before I do this, should this take care of future vulnerabilities?

Meanwhile, you might consider updating your site to replace many/most of the Backlight 2 references to Backlight 3! :slight_smile:

Take care, and stay safe,

TBC

I can’t speak for the rest of your site.

@Ben is a master-level PHP engineer and has done his utmost to ensure Backlight provides a secure environment. In general, you should be running the code that Backlight ships, unless Ben advises you otherwise in this forum. When we do discover a security issue in Backlight, or if such is reported, Ben is typically quick to fix it in a security patch.

Also, because Backlight is niche software, serving a relatively small audience, it’s unlikely to be targeted by hackers. If you’re running a Wordpress blog – Wordpress powering 39% of websites on the Internet, according to the most current report I can find – then it’s likely that Wordpress was the point of incursion. This is one reason that I’ve isolated Wordpress on The Turning Gate, and use it on a dedicated subdomain (https://blog.theturninggate.net, while the rest of the site lives at https://theturninggate.net).

Matthew,

As usual, thank you for your thoughtful and enlightening response. The same goes for the rest of your team. Between Rod, Ben, Dan, and of course you, there is a wealth of information.

I have a blog using TTG’s WordPress theme, as a subset of our website … https://www.bcphotoadventures.com/blog/.

And I just reinstalled all the Backlight components, including the WordPress Theme.

Shall I just live with the need for ?page= for links?

Take care, and please stay safe,

TBC/Margo

Hi Margo, you shouldn’t have to live with ?page=-style links. I can have a go at fixing this for you if you can provide me with FTP access via direct message.

I strongly recommend that, if you’re running Wordpress, you install the Wordfence plugin to help protect it from malicious users. Other steps to take are to use strong passwords for everything, from FTP access, to your WP Admin to Backlight admin. Enabling two-factor authentication on Backlight will help protect your Backlight content.

The elephant in the room is whether there are still files on your server that were uploaded as an entry point when your site was hacked. I can have a cursory look for any strange content. Wordfence should pick up anything strange from at least your Wordpress files and directories.

Edit: lastly, for a WP site that I look after, I regularly sync all of the files to my PC and make a backup of the database. That way I can restore it should a hacker change or delete any of the content.
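An added example, not part of the original post and not Backlight or Wordfence code: one way to look for leftover or altered PHP files after a compromise is to hash the live tree against a known-good copy, such as a synced backup or a freshly unzipped installer. The function names, extension list and the sample trees built in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

PHP_EXTS = (".php", ".phtml", ".php5", ".phar")  # assumed list of executable extensions

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def php_files(root):
    """Map relative path -> SHA-256 for every PHP-like file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(PHP_EXTS):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                found[rel] = sha256_of(full)
    return found

def audit(site_root, baseline_root):
    """Compare the live tree against a known-good copy (backup or fresh install)."""
    live, good = php_files(site_root), php_files(baseline_root)
    return {
        "unexpected": sorted(p for p in live if p not in good),
        "modified": sorted(p for p in live if p in good and live[p] != good[p]),
        "missing": sorted(p for p in good if p not in live),
    }

def write(path, body, mode="w"):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(body)

def demo():
    """Constructed sample: a clean baseline and a live copy with two anomalies."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = os.path.join(tmp, "baseline"), os.path.join(tmp, "live")
        for root in (good, live):
            write(os.path.join(root, "index.php"), "<?php echo 'home';")
            write(os.path.join(root, "lib", "util.php"), "<?php // helper")
        # Constructed anomalies: a PHP file in an upload folder, and an edited library file.
        write(os.path.join(live, "uploads", "img.php"), "<?php // not in baseline")
        write(os.path.join(live, "lib", "util.php"), "\n// appended", mode="a")
        return audit(live, good)

if __name__ == "__main__":
    print(demo())
```

Files reported as unexpected or modified are candidates for manual review, not proof of compromise; legitimately customised files will also show up as modified.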

Ben,

That would be fabulous! I believe I have your e-mail and will provide you with the access. Rod has the access already.

I believe I have the Wordfence plugin, but now cannot check to see if, in fact, I do, as I am getting a 403 access denied code. UGH! This has been a nightmare!

I’ll wait on the two-factor authentication until after you take a gander at the site.

Meanwhile, I archived all files I could find that dated back to Dreamweaver days. My passwords are generally considered strong. And, our site is backed up once a month, but we are doing it more frequently, especially after I have done quite a bit of work on it.

Again, thanks, and take care,

TBC/Margo