spradlig

The SPAM posts started at almost the same time between the two users. Each user pulls from a different website. While I have not manually checked the RSS feed I have checked the sites themselves and they do not display the SPAM. I am checking only once every several days so it is possible they are simply removing the SPAM posts manually.

Now maybe there is a way of spoofing their RSS feeds but one site is a WordPress site the other appears to be a custom – non-WordPress – site. It seems unlikely both got hacked or started spitting out SPAM on their RSS at the same time. And the source of the SPAM appears to be the same. So again, unlikely both sites, different platforms, different owners got hacked at the same time by the same spammer.

Just a question… To see how stupid I am…

The site/domain is about 1 year old now. Would wp-admin have ever worked had those keys not been in there? In other words, could MediaTemple install a working version of WP 2.? without those keys or does it require that I screwed it up? At this point I’m thinking that I’m most likely responsible for this; sloppy and stupid.

It was probably a fair assumption to assume the keys were in there and that I hadn’t wrecked my site without noticing and then came to you for help fixing it… but … you don’t know me ??

Thanks again
Gabe

Yeah, I figured I was supposed to be getting redirected and I wasn’t. As far as the DB is concerned, there’s a lot of searching to be done in there. Is there a short list of items I should be checking?

I currently have this in wp-config.php:
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'irs-taxattorney.org' );

Then in the DB I have 1 entry in wp_***_site:
1 | irs-taxattorney.org | /

In wp-***-blogs I have lots of entries but the first one is:
1 | 1 | irs-taxattorney.org | / | ...

In wp-***-sitemeta the siteurl meta_key is https://irs-taxattorney.org/. In wp-***-options it listed as https://irs-taxattorney.org.

While in the middle of writing this post I found the answer!

This blog was installed at MediaTemple during a test of the cloud hosting for me. The site worked fine there but has been touchy ever since I moved it to another server. This install has had lots of little surprises for me – like my DB tool not working.

Well long story short(er) I noticed that there were no AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, etc definitions in wp-config. In all fairness to MediaTemple I mess with the WP files every so often and I may have accidentally erased them at some point. So I copied those definitions from another site and so far so good. I’ve logged into the admin panel. And I’ve been able to update the network and the plugins.

Thanks
Gabe

I started adding echo statements to the …/wp-admin/index.php and admin.php files. The admin.php code seems to work fine until it gets to the auth_redirect(); statement. And the auth_redirect() appears to complete all the way to the exit(); statement at the end.

It appears the auth_redirect() should be redirecting me to:

https://irs-taxattorney.org/wp-login.php?redirect_to=http%3A%2F%2Firs-taxattorney.org%2Fwp-admin%2F&reauth=1

This URL works fine when I copy it to the browser address manually (Chrome, Win 7 Pro). Once I login the resulting page appears blank. However, this page at least has source code (which I’ve pasted to the end of this post).

The resulting URL is:

https://irs-taxattorney.org/wp-login.php

This URL works fine (i.e. the form appears and looks correct) if I manually type it in but not when I am redirected to it. The source code of both appears to identical – I have only checked this via my eyeballs. The CSS files in the source are there so missing dependencies that I can find.

Since the HTML source is identical between the 2 pages and 1 appears while the other does not I thought maybe it was just some weird browser problem. However, I tried the same sequence on Firefox 3.6.15 on my Win 7 Home Premium box and Firefox 3.6.16 on my Ubuntu Karmic box. Same results.

I have found some threads suggesting the “client sent HTTP/1.1 request without hostname…” error is a bug in the Ubuntu Lucid (10.04) but not in the older release as the thread repeatedly mentions people only have the problem after upgrading to Lucid. I’m running an older version of Ubuntu on the irs-taxattorney.org server. And there are other domains on that server (showing the same error) which are not having any problems. Those domains run the same WordPress setup targeting other topics from different DBs.

I’m tempted to think that the “client sent HTTP/1.1 request without hostname…” error has something to do with a busted WordPress/PHP redirect script of some sort. The problem is unique to this domain so I figure it must be in the files or DB for this domain.

I think my next course of action is to backup the current irs-taxattorney.org domain, copy over my WordPress files from another domain, fix the wp-config.php and see what happens.

Thanks
Gabe

[Code moderated as per the Forum Rules. Please use the pastebin]

I looked at the error logs and have no idea what they mean. Here’s the error I got after my last attempt to get into wp-admin (and it’s the most common one in the file):

[Wed Apr 06 17:11:35 2011] [error] [client 193.105.210.11] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

A quick search on the web suggests that this error is nothing to worry about. And I see it on at least other domain on that server which is also WordPress and working fine.

The only other errors in the error log are of the type “Request exceeded the limit of 10 internal redirects…”. They include the URL the IP was attempting to get to and none have wp-admin in them. The error logs are not very big so I’m not getting a lot of repeated errors everyday as people surf the site.

I have some tools which muck with the DB directly. However, I backup first and then run them. I also run them very rarely and usually only when a site is pretty new. However, when I ran that tool on this particular domain it crashed. I reran the tool and the domain appeared fine at the time – this was months ago – so I no longer have the DB backup from before I ran the tool.

Is there something in the DB related to wp-admin that I should look at?

With regard to the plugins I simply moved everything thing from …/wp-content/plugins to another directory leaving …/wp-content/plugins empty. Then I attempted to login. When that accomplished nothing I moved the plugins back into …/wp-content/plugins.

Thanks

I wish I could offer you some advice but it still doesn’t work for me and like you I haven’t heard anything from the author.

OK quick check out of the site and it looks like your fix – i.e., removing the $base line – works.

I deleted the old alabama and alaska sites. I deleted the alaska user but not the alabama one. I then created a new site at /alabama and it popped right up with the WP3 default theme, the title of Alabama Bankruptcy Law, and when I went to the admin site everything appeared to be working.

I’ve activated plugins for the alabama site and check one of them. It no longer had all of the options filled in from the top level blog.

As far as my quick check goes – I think my install is fixed!

My Socrates theme (top level blog) still appears to be screwed up but I think that’s a different issue.

Thanks

Gabe

I saw that thread but it obviously didn’t have the July 3rd postings in it when I created this thread back on July 2nd.

This morning is going to be very busy for me but I’ll try this solution and get back to you.

Thanks for all your help
Gabe

One more thing I’m noticing…

Originally I thought this was just a Theme issue as well but the top level blog should have a title of US Bankruptcy Law – which it does. The alabama and alaska installs should have Alabama Bankruptcy Law and Alaska Bankruptcy Law for the titles. However, when I attempt to visit those sites the title is always US Bankruptcy Law with the result being a 404 page.

In other words I may not be seeing the network sites as you, andrea_r, suggested earlier.

What the heck is going on?

Thanks
Gabe

Yeah the theme doesn’t look right to me either – on Firefox or IE. I’m not sure what happened there but assumed it was a separate theme related issue and not related to this issue.

Under Super Admin->Users I have admin and alabama – both are Super Admins.
Under Super Admin->Sites I have 2 sites listed.

I created a new site – alaska – but I can’t log into it. I had a similar problem with the alabama site when I created it.

The link provided in the email by my WP 3 install for the alaska site is this:
https://us-bankruptcy-law.orgus_bankruptcy_law_org_2alaska/wp-login.php

When I attempt to login via https://us-bankruptcy-law.org/alaska/wp-admin I am forwarded to:
https://us-bankruptcy-law.orgus_bankruptcy_law_org_2alaska/wp-admin/?c=1

Clearly these aren’t valid URLs.

For the alabama network site creation I had to make alabama a Super Admin in order to be able to log in to the alabama network site.

I’m using DreamHost’s One Click Installer on my VPS, which in the past has worked fine. And appears to be working fine for the install of WP 3 site (without a network). DreamHost – at least for their shared hosting – won’t support something necessary for subdomain blogs networks but should have no problem with subdirectory network blogs. I am attempting the subdirectory network.

Thanks
Gabe

Sorry I didn’t say it before but…

Thanks for the help

The site I’m testing with right now is https://us-bankruptcy-law.org/ and https://us-bankruptcy-law.org/alabama.

I’ve asked this on a couple of forums. And some of the suggestions have led to the following additional observations:

1. the alabama user had Super Admin privileges for the network
2. when I removed the Super Admin privileges I could no longer get into the site via the link provided at Super Admin->Sites->… (looks like this https://us-bankruptcy-law.org/wp-admin/ms-sites.php?action=editblog&id=2)
3. If I don’t use the link – https://us-bankruptcy-law.org/wp-admin/ms-sites.php?action=editblog&id=2 – then no matter what I do logging in sends me to a Super User admin dashboard
4. Some plugins I installed, I’ve activated (but NOT network activated), and the options remain the same across all sites

Have you set up the theme for the network site?

I’ve been playing with the networks sites and I’m having quite a bit of trouble so far. My first attempt I had about 10 networks sites all setup and ready to go. They were working and then I made some change to a plugin and poof they were gone. So I’ve reinstalled and now all of my posts go to only the top level domain blog.

My guess is that the network site isn’t quite fully setup yet, i.e. you are missing a theme or have some plugin that doesn’t have all the settings filled in yet. but that’s just a guess.