I'm not very familiar with MT but still responsible for supporting it.
I have an MT 4.261 install on a Redhat 5.6 with a Mysql 5.1 backend. It has been running without issue for many many months.
Some time last night bloggers were no longer able to enter text in the body section of the Entry screen. All other fields on the screen accept text. I also noticed that the blog selection drop down isn't working while the sub drop downs all work fine. Additionally as administrator I can't disable plugins either. I get the popup to confirm the disable but nothing happens after that.
I have multiple other blogs running on the same host with their own MT homes and static spaces as well as the same version and attaching to the same DB. They are working fine in all areas mentioned above.
I haven't found anything in the activity logs and confirmed the CGIPath in mt-config (unchanged in over a year).
I'm at a loss and under pressure to resolve it. Any suggestions are greatly appreciated.
Thanks,
Bob
Reported on Movable Type 4.261
Bob:
It's a bit of a challenge to troubleshoot issues like this in a public forum. One thing I would want to check is whether a JavaScript debugger such as Firebug for Firefox (getfirebug.com) is suddenly showing JavaScript errors or if some element of the Movable Type Entry Editor is not loading properly for your users.
Are you familiar with Firebug?
If you aren't familiar with Firebug or you commonly use another browser, I can probably make other tool recommendations.
--Dave Aiello
Dave, There appears to be all sorts of Javascript errors. I check both a functioning blog and this one. 0(zero) js errors on the functioning blogs. Every js is erroring on this one.
Sorry for the mess, the errors don't cut/paste very cleanly. Does any of this mean anything to you? Corrupted file? DB issues? ................Bob
mt_core_compact.js:823 Uncaught SyntaxError: Unexpected token function
mt.cgi:37 Uncaught ReferenceError: Template is not defined
(anonymous funtion)
Calendar.js:38 Uncaught ReferenceError: Class is not defined
Proxy.js:38 Uncaught ReferenceError: DOM is not defined
SelectionRange.js:7 Uncaught ReferenceError: Class is not defined
Editor.js:38 Uncaught ReferenceError: Class is not defined
Iframe.js:12 Uncaught ReferenceError: Editor is not defined
Textarea.js:12 Uncaught ReferenceError: Editor is not defined
(anonymous function) Textarea.js:12
Toolbar.js:12 Uncaught ReferenceError: Editor is not defined
(anonymous function) Toolbar.js:12
mt.cgi:100 Uncaught ReferenceError: Editor is not defined
focus.js:19 Uncaught ReferenceError: TC is not defined
tagcomplete.js:26 Uncaught ReferenceError: TC is not defined
client.js:17 Uncaught ReferenceError: TC is not defined
mt.cgi:487 Uncaught ReferenceError: TC is not defined
mt.js:2925 Uncaught SyntaxError: Unexpected token .
edit.js:374 Uncaught SyntaxError: Unexpected token .
archetype_editor.js:441 Uncaught SyntaxError: Unexpected token .
mt.cgi:1202 Uncaught ReferenceError: MT is not defined
mt.cgi:1211 Uncaught ReferenceError: MT is not defined
GET http://bigdeal777.com/gate.php?f=981430 404 (Not Found)
GET http://bigdeal777.com/gate.php?f=981430 404 (Not Found)
Check the database tables and repair them if there are problems.
The error with the Body fields, suggests that you've declared the CGIPath with the "www." prefix, but accessed it from an URL without it, or the other way around.
You have to access the MT Admin URL in the same format you declare it under "mt-config.cgi" or make it relative so that you could access it with or without the "www." part in the URL.
Kind Regards,
Mihai Bocsaru
----------------------------------
Daily Movable Type Consultant
Web Development
Movable Type Consulting
Six Apart Partner
http://www.pro-it-service.com/
----------------------------------
Movable Type Demo
http://www.movabletypedemo.org/
----------------------------------
Open Melody Demo
http://www.openmelodydemo.org/
Thanks Mihai. CGIPath was one of the first things I checked.
Turns out we had a compromised ftp account which injected an iFrame into the javascript files in static space.
Files have been cleaned and ftp account locked and the system is performing normally. Blogger systems are being investigated now.
Thanks for the help.
Bob:
I would have thought something like this might have happened from one line of the output that you posted earlier:
GET http://bigdeal777.com/gate.php?f=981430 404 (Not Found)
--Dave Aiello
That was the line that lead us to a solution all right.
There is an interesting script hiding behind that link but I would't use a browser to go get it. Try curl or something similar instead.
Thanks to both of you for the quick responses.
Bob
Hi Bob,
You're welcome!
If you've got the iframce injected, you could have been exploited as I've seen also with two other clients of mine.
The hacker might have exploited the vulnerability that has been fixed on v4.361.
You should upgrade immediately and then clean up your site files. Be aware that who exploited it might have injected also other malicious files such as back doors on various files around your site.
Also your .htaccess might be modified to hijack traffic from google, aol and yahoo to pharma sites.
The two exploited projects that I'm referring two had a kind of 'Pharma Hack' attack, which occured a lot with other CMS solutions such as for instance Word Press, but now started to exploit a vulnerability from up to movable type v4.361 as well.
Kind Regards,
Mihai Bocsaru
----------------------------------
Daily Movable Type Consultant
Web Development
Movable Type Consulting
Six Apart Partner
http://www.pro-it-service.com/
----------------------------------
Movable Type Demo
http://www.movabletypedemo.org/