On Fri, Dec 17, 2010 at 7:04 PM, prothero <prothero@geol.ucsb.edu> wrote:

Folks:
Not only do I get this error code, but several modules on my site have stopped working. The only thing I did was install the security module and mess with permissions on the /tmp folder. Sheesh! Very frustrating.

Bill

William A. Prothero
http://earthednet.org/

On Dec 17, 2010, at 10:56 AM, prothero wrote:

Folks:
Thanks for the link to the security test.
I installed it, BUT, when I was messing with my permissions, so fix various file permissions, I did something very simple that caused an error message all through the site:

--message:
user warning: Can't create/write to file '/tmp/#sql_3cb2_0.MYI' (Errcode: 13) query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = 'solarsentinel' AND b.status = 1 AND (r.rid IN (2) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module in /home/wap/public_html/modules/block/block.module on line 433

--end message.

I understand that the error is in permissions for the /tmp directory. I got this error when I changed permissions, but now when I do chmod -R 0777 (as a test), I still get the error. This should set the permissions to "Everybody can do anything". What's up? I'm not a unix expert, but not a novice either and this confuses me. Does the "#" char at the start of the file name mean the file is invisible, ??

Regards,

Bill

William A. Prothero
http://earthednet.org/

On Dec 16, 2010, at 11:00 PM, prothero wrote:

I had a similar hack happen. I had about 7 comments on a blog, in Russian, from an anonymous user. I have permission set so only registered users can make comments. Hmmm... I deleted them, but wonder what I should do to stop this in the future. I did set capcha so that comments require it. Drupal 6.19.
Regards,
Bill

William A. Prothero
http://earthednet.org/

On Dec 16, 2010, at 9:32 PM, Shai Gluskin wrote:

Hi gang,

The author and URL of an anonymous comment was changed about three months after the comment was originally posted. The change happened last week. The new name was in Chinese and the URL is to a Chinese web site. The content of the comment was not changed.

I've never had anything like that happen before. After I discovered this I changed user/1 pw (that is the only account on the site with admin privileges).

There is no other evidence of other damage at the site that I found in the wake of this discovery.

(Site was using 6.19 at the time of the breach).

I'm stumped. Ideas anyone?

Shai
--
[ Drupal support list | http://lists.drupal.org/ ]

--
[ Drupal support list | http://lists.drupal.org/ ]

--
[ Drupal support list | http://lists.drupal.org/ ]

--
[ Drupal support list | http://lists.drupal.org/ ]

Fax: +44 (0)160 421 2871
Skype: steev_initsix
www.initsix.co.uk :: Initsix Heavy Engineering Limited
--
This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Initsix Heavy Engineering Limited.
If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in error.

Initsix Heavy Engineering Limited
Registered in the UK: 5036938
Registered Address: 243 Kettering Road, Northampton, NN2 7DU, England.