Recent Topics

1 Feb 01, 2011 11:49    

My last two posts have given me this error and I simply ignore why...

Incorrect crumb received! [item]

Your request was stopped for security reasons.

Have you waited more than 2 hours before submitting your request?

Please go back to the previous page and refresh it before submitting the form again.

Alternatively, you can try to resubmit your request with a refreshed crumb:

The time frame from one post to the other has been 24 hours so I don't know why this message about "waiting 2 hours". I have "resubmitted" to post... I just don't understand the message nor why it appears.

2 Feb 01, 2011 11:53

i could not decide what to vote on that question :D i hate double negative questions

4 May 25, 2011 22:10

Does anyone have an answer for why this occurred? I experienced the same issue a today while trying to write posts.

This may be in relation to a recent attempt to hack my blog - server logs showed someone using yandex and google to search for b2 installer files. The installer files were of course deleted after installation for security reasons but the html welcome pages that link to the installer were still there and would show up in a google search.

Shortly after that occurred in the logs the blog would not load and gave the error

You cannot use the application before you finish configuration and installation. 

MySQL error: 
Unknown table engine 'InnoDB'(Errno=1286) 

Please use the installer to finish your configuration/installation now. 

On most installations, the installer will probably be either here or here... (but I can't be sure since I have no config info available! ) 

I saw this error on another thread - http://forums.b2evolution.net/viewtopic.php?t=22270&sid=8264a3f46638e3b8cde73ff896500eb8 but it doesn't seem to be the same issue - my host hasn't moved anything lately.

After my host restarted mysql the error went away but upon trying to write posts odd validation errors are coming up that never were before.

Blog version is 4.0.5

From the looks of the hits table and referrers it looks like a black hat seo wanted to use my blog to post links. Trying to hack in from various portions of their link farm.

Whatever they tried seems to have fouled up the blog but they were not successful in spamming the blog.

Unfortunately I also had an older b2 install on the same server/different db that I'd lost track of and hadn't updated. That one had hit logs showing an automated attack occurring every 5 minutes on the forgot password page for quite some time. Again - that site was also fouled up with that inno db error but SO FAR there are no additional signs of tampering. Didn't see hits from an automated attack on the 4.0.5 install though.

Any suggestions? Particularly regarding possible causes for that InnoDB error in relation to attempted intrusion and attempted sql injection? (wasn't related to my host, they had changed nothing and I had not changed any b2 settings recently)

Thanks

6 May 26, 2011 07:40

Thanks Sam. That explains the crumby error to me :)

Any clues though as to why a blog that's running fine suddenly reports that InnoDB error? InnoDB wasn't even installed on the server so the message doesn't make any sense. Unless you're implying perhaps that somehow a hacker got that content to display when I visited my blog - which could mean somehow they managed to injected that content and get it to display when I visited my site?

Mostly what I want to establish for certain is whether someone actually got in or they were just trying hard and came very close.

Thanks again everyone.

7 May 26, 2011 19:47

b2evo 4 requires InnoDB engine. Your tables were converted during the upgrade.
If you can't use innodb for any reason, you can change table type to MyISAM and hope that this will not break your installation, or better move to another hosting plan/company.

8 May 26, 2011 20:04

Thanks Sam,

Weird then. InnoDB was not installed when I installed b2 evo 4.x and I don't recall it complaining - perhaps it did but it's worked perfectly fine.

Does 3.3.3 require InnoDB? That's the old one I had neglected to update on my server and forgot it existed - the one that someone was attempting an attack of some kind on the forgot password feature.

I ask because both the 3.3.3 install and the 4.05 install had this same InnoDB error that day.

My host is excellent, and they've installed InnoDB for me.

9 May 26, 2011 20:19

I see from these old docs - http://manual.b2evolution.net/.9.2_system_requirements it looks like you've required inno db for a long time. Yet all this time b2's worked just fine without it. I've been running b2 without innodb for years without issue until now.

That leaves me a bit puzzled that the 4.05 and 3.3.3 installs on my account had that error, and yet there's an even older 2.4.7 install I have in a protected area of the site that's for personal use only - and it did not have this inno db error while both the public versions did.

Any guesses?
Thanks

10 May 26, 2011 21:07

Sorry, the real important question I've been fishing for answers on is "was my install compromised or not" - and unfortunately my b2 installs all have some odd data in evo_basedomains - I can't find any area of the admin dashboard that displays or edits this information and I certainly wouldn't have google.it or some spammy blogs url in that table, or flickr.com - 3 of the records in that table point to spammy blogs.

Can you tell me what this table is there for and why someone would add to it? I can't find said info by searching for evo_basedomains in the docs. Or is it normal if someone clicks through to your blog from another site for their domain to be added to evo_basedomains (I can't imagine that being the case but I have to ask)

Why would mail.live.com and mail.google.com be in this table on one db (the 2.4.7 install) but not on the 3.3.3 install which has 3 domains I would have set up for the blog in the table records but also has junk like google.com.au, google.se, etc, and meanwhile the 4.0.5 install has google.it, flickr.com, and urls to spam blogs.

forgive the triple post!

11 May 26, 2011 21:09

b2evo always worked with innodb, but since v4 innodb is required, or better say recommended.

I believe it still can run on myisam, but probably with limited functionality

12 May 26, 2011 23:29

Thanks Sam. I may just need to donate some spare change to b2, I appreciate the responses on this forum.

What about the evo_basedomains table questions in my last post though?

13 May 26, 2011 23:47

evo_basedomains table holds host names of external web pages refering to your blog.
You can view them on Stats > "Refered browser hits" page

14 May 26, 2011 23:56

Ah, that makes sense now. Well then, it seems most likely that there is no spoon and all is swell.

Thanks again.


Form is loading...