Global Config page Broken

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
drobertson123
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 102
Joined: Tue Mar 19, 2013 7:04 pm

Global Config page Broken

Post by drobertson123 » Mon Dec 21, 2015 5:11 am

My Global Configuration page loads without any CSS or other outside references. Basicly it is just a raw HTML page that does nothing.

I just noticed the issue in the last few days. I tried doing an upgrade to Joomla 3.4.6, but that did nothing to help the problem.

Yes, I have cleared the Joomla Cache, my browsers cache and every other cache I could find and it didn't fix anything. The normal answer to this problem seems to be to clear your cache, but that did not help.

I set error reporting to maximum, but since nothing is coming through on that page except HTML I can't tell if there are errors or not. Both the Joomla error log, the PHP error log and the Apache2 error log show no errors that seem to be related to this. If someone has a suggestion for an error log to look at I would appreciate the guidance.

As a test I actually downloaded a bootstrap version of the admin template and tried that instead of the standard Isis template (hmm, time to change the name on that one). Regrettably it didn't do anything to fix the issue.

I could seriously use some help on this.

Thanks
Last edited by toivo on Fri Jan 29, 2016 6:42 am, edited 1 time in total.
Reason: mod note: moved to 3.x Security

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11449
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Global Config page Broken

Post by toivo » Mon Dec 21, 2015 7:23 am

Use Firebug or the Web Developer extension in Firefox or Chrome, press F12 and check the Network tab and the Console tab for missing files or javascript errors, which can explain the missing styling.
Toivo Talikka, Global Moderator

drobertson123
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 102
Joined: Tue Mar 19, 2013 7:04 pm

Re: Global Config page Broken

Post by drobertson123 » Mon Dec 21, 2015 7:40 am

I actually did that. I just ran it through Firefox and Firebug again.

The page only has one request and that returns the page HTML. There are no references in the page to anything else. No CSS, no Javascript, no images, nothing.

The page only has the Form tag and its contents. There is no header or body tags at all. It is just a chunk of HTML.

314_ter
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Dec 24, 2015 6:36 pm

Re: Global Config page Broken

Post by 314_ter » Thu Dec 24, 2015 7:32 pm

Hi!
I just registered to report the same problem. I spent two last days looking for any solutions, trying all the ideas i could find with no avail, including all the steps mentioned by OP, resolving all the potential problems with database (Fix), installed components (Discover), clearing cache etc, ensuring the PDO is installed and active, etc. Similar problem in J2.5 has been reported many times, but it looks like the usual fixes are already implemented in the current version.
I'm on Joomla 3.4.7.
The Global Configuration page is rendered without the head section, no css and stops at the beginning of "Database Settings":
Image

Firebug console, Apache error log (reporting set to max) do not show any errors.
Looking at the page source (beginning):
Image

and the end:
Image

it shown an open <form> action, which is not closed. It looks like rendering the page breaks around the database settings section.

drobertson123
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 102
Joined: Tue Mar 19, 2013 7:04 pm

Re: Global Config page Broken

Post by drobertson123 » Thu Dec 24, 2015 8:28 pm

314_ter Yes, this is exactly the problem I am seeing. Thank you for putting up more detailed info.

314_ter
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Dec 24, 2015 6:36 pm

Re: Global Config page Broken

Post by 314_ter » Sat Dec 26, 2015 2:04 pm

FOUND IT!!! :)
Luckily i had an older version of the site on one of my local servers, still on J3.3.6.
I managed to successfully update it to 3.4.8 with the GlobalConfig page working normally. Having that and a second broken version (also updated to 3.4.8 ) on another local server i started to compare the file structure on both.
The broken site had a bclass.php file placed in:

(remove the _ from the last dir, seems like the forum does not like that word)

PATH_TO_JOOMLA_SITE/libraries/joomla/database/d_r_i_v_e_r

which is not present in the old, working fine version of the site.
After removing/renaming that file the Global Configuration page went back to normal.

minchala
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Mar 16, 2015 2:34 am

Re: Global Config page Broken

Post by minchala » Mon Jan 04, 2016 5:03 am

This was PERFECT!! Did the trick for me! Thanks so much!!

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11449
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Global Config page Broken

Post by toivo » Mon Jan 04, 2016 8:17 am

The broken site had a bclass.php file placed in:

(remove the _ from the last dir, seems like the forum does not like that word)

PATH_TO_JOOMLA_SITE/libraries/joomla/database/d_r_i_v_e_r
That file is not part of Joomla. Your site must have been hacked. Follow these instructions in the 3.x Security forum: http://forum.joomla.org/viewtopic.php?f=714&t=757645
Toivo Talikka, Global Moderator

314_ter
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Dec 24, 2015 6:36 pm

Re: Global Config page Broken

Post by 314_ter » Mon Jan 04, 2016 5:42 pm

toivo wrote:That file is not part of Joomla. Your site must have been hacked. Follow these instructions in the 3.x Security forum: http://forum.joomla.org/viewtopic.php?f=714&t=757645
I'm afraid you're right. After doing more research it turned out that file was a PHP backdoor (@extract ($_REQUEST);@die ($c($f));)
Deleting it and doing a deeper security check is highly recommended!

drobertson123
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 102
Joined: Tue Mar 19, 2013 7:04 pm

Re: Global Config page Broken

Post by drobertson123 » Mon Jan 04, 2016 5:44 pm

I have this same issue. I am not a security guru in any way. Does anyone have suggestions for dealing with the security hole this is creating? Or testing the site for security issues in general?

Falcon22
Joomla! Intern
Joomla! Intern
Posts: 58
Joined: Wed Apr 11, 2007 4:16 am

Re: Global Config page Broken

Post by Falcon22 » Mon Jan 11, 2016 5:16 pm

THANKS SO MUCH,
I was looking for a solution to this for weeks and deleting the bclass.php in the /public_html/libraries/joomla/database/driver solved the problem.

drstine
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Jun 27, 2009 11:36 am

Re: Global Config page Broken

Post by drstine » Wed Jan 27, 2016 3:06 pm

Yes, [root]/libraries/joomla/database/d_r_i_v_e_r/ on my site contained a bclass.php malware file.

I also found a trojan file called pclass.php dated the same day at libraries/joomla/string/

It's an obfuscated file is clearly a hack and should be removed.

I have the decoded version if anyone is interested in it.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19739
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Global Config page Broken

Post by leolam » Wed Jan 27, 2016 3:16 pm

That all is not enough. You need to follow (ALL) the steps as outlined in http://forum.joomla.org/viewtopic.php?f=714&t=757645 otherwise your site is not cleansed and you still face the same issue

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
Bernard T
Joomla! Guru
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska
Contact:

Re: Global Config page Broken

Post by Bernard T » Fri Jan 29, 2016 6:08 am

Thanks to Falcon22 I have been able to directly check what happens on a similarly infected website.
First of all, no JS was used in this case.

* libraries/joomla/database/drive_r/bclass.php
* libraries/joomla/string/pclass.php
* several malware files in templates/atomic/ folder, easily recognizable by random string names
* malware (specially crafted for Joomla, using Joomla framework) injected into a model in components/com_content which enabled automatic creation and random display of spammy links in the main menu
* spammy links inserted into menu database
* modified main index.php file to redirect spammy link from index.html to another HTML file injected into a webroot

As you can see, this attack is specially crafted for Joomla sites, some malicious parts are hard to do recognize. It is utmost important to strictly follow the cleanup instructions provided here, deleting and replacing all core and extension files, to remove files injections and/or extra malware files.
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak

regexaurus
Joomla! Apprentice
Joomla! Apprentice
Posts: 23
Joined: Fri Jul 13, 2012 10:00 pm

Re: Global Config page Broken

Post by regexaurus » Sun Jan 31, 2016 5:31 am

Just reporting that I experienced the same problem--was recently subjected to a hack and went through a cleanup procedure, but found and removed /libraries/joomla/database/driver/bclass.php. This resolved a problem with Global Configuration. Now working through these steps: http://forum.joomla.org/viewtopic.php?f=714&t=757645

jk15060
Joomla! Intern
Joomla! Intern
Posts: 54
Joined: Tue Jul 14, 2009 11:47 pm

Re: Global Config page Broken

Post by jk15060 » Wed Feb 03, 2016 11:01 pm

OMG!! This thread just saved me a world of hurt! Have a former client who needed a bit of help and turns out his site had that bclass.php file in /libraries/joomla/database/driver!!! Once I removed it, I was able to view the Global Configuration again in the backend of Joomla. Now I'm walking through all those security steps just to be sure.

Now I have to figure out why extensions won't install because of a "Site temporarily unavailable. Connection timed out."

THANK YOU THANK YOU THANK YOU for this thread/post and help!!

User avatar
tonymontezuma
Joomla! Intern
Joomla! Intern
Posts: 73
Joined: Mon Apr 14, 2008 3:48 am
Location: Londrina / PR - Brasil
Contact:

Re: Global Config page Broken

Post by tonymontezuma » Mon Feb 22, 2016 6:34 pm

314_ter wrote:FOUND IT!!! :)
Luckily i had an older version of the site on one of my local servers, still on J3.3.6.
I managed to successfully update it to 3.4.8 with the GlobalConfig page working normally. Having that and a second broken version (also updated to 3.4.8 ) on another local server i started to compare the file structure on both.
The broken site had a bclass.php file placed in:

(remove the _ from the last dir, seems like the forum does not like that word)

PATH_TO_JOOMLA_SITE/libraries/joomla/database/d_r_i_v_e_r

which is not present in the old, working fine version of the site.
After removing/renaming that file the Global Configuration page went back to normal.
WORKS VERY WELL FOR ME!!! TKS
DAYS AND DAYS SEARCH ALL THE FORUM RSRS
"Fazer ou não fazer. Tentar não existe"
(Mestre yoda)

VersHandel
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Feb 02, 2018 10:40 am

Re: Global Config page Broken

Post by VersHandel » Fri Feb 02, 2018 11:01 am

SAME ISSUES, DIFFERENT CAUSE
---------------------------------------
I had the same issues with the global config page, but i could not find any of the already mentioned problems (Joomla 3.8 ).
I have made a backup (Akeeba) of the hosted site and installed it on a small Ubuntu server at home and activated "all errors" to be logged. In the logs i then found this error:

PHP Fatal error: Class 'JDatabaseDriverMySQLi' not found in /<Joomla root>/libraries/joomla/database/driver/mysqli_fab.php on line 21

Since Joomla uses PDOmysql, i decided to rename the file and see what happens.
It solved the issues.

I expect the file to be part of the Fabrik extension. I have detected the issues with the global config after installing Fabrik. However i'm not sure the issues weren't there prior to installing Fabrik.

Maybe this can help others.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Global Config page Broken

Post by fcoulter » Fri Feb 02, 2018 12:40 pm

It is true, that file does seem to be part of Fabrik, it installs the drivers 'mysql_fab.php', 'mysqli_fab.php', 'pdomysql_fab.php' when it installs.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

bracha
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Dec 22, 2013 9:12 pm

Re: Global Config page Broken

Post by bracha » Wed Feb 13, 2019 1:51 pm

SAME ISSUE, NO SOLUTION YET
------------------------------------
I am having the same issues with the global config page, but I could not find any of the problems mentioned above (my Joomla version is: 3.3.3 running on Fatcow hosting).

I am not as tech savvy as some of the other members that have commented on this issue above, so any and all detailed help would be greatly appreciated. I have already cleared the Joomla cache several times, but that did not seem to resolve the issue.

Thank you.

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5023
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Global Config page Broken

Post by AMurray » Thu Feb 14, 2019 9:32 am

Given you're way behind in Joomla installs (3.3 ??? ???) instead of 3.9.3 no wonder you have been hacked. You're using very outdated software.

It's not required to have an extensive knowledge of the security implications or any development stuff - it just take a a little effort and time to keep your site safe, and updated. Joomla basically does the work - you just press the button that says "Update"!
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

bracha
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Dec 22, 2013 9:12 pm

Re: Global Config page Broken

Post by bracha » Mon Feb 18, 2019 10:53 am

I appreciate the incite with regards to the outdated version I am using.
As this is a live site, I have a few concerns, which I would appreciate if you (or any other member, who cares to assist) would address:
1. Is it possible that an update to the latest version will "break" any of the existing functionality in my website?
2. Is the behavior I am experiencing definitely due to a website hack or could it be a different reason that I may be able to fix, without an update? If so, any help would be greatly appreciated.
3. If the problem is due to a website hack, will an update to the latest version differently resolve the problem or is it possible that the issue will remain?

Thank you.
AMurray wrote:
Thu Feb 14, 2019 9:32 am
Given you're way behind in Joomla installs (3.3 ??? ???) instead of 3.9.3 no wonder you have been hacked. You're using very outdated software.

It's not required to have an extensive knowledge of the security implications or any development stuff - it just take a a little effort and time to keep your site safe, and updated. Joomla basically does the work - you just press the button that says "Update"!

gabrieldeluca
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Apr 16, 2019 1:38 pm

Re: Global Config page Broken

Post by gabrieldeluca » Wed Apr 17, 2019 2:23 pm

fcoulter wrote:
Fri Feb 02, 2018 12:40 pm
It is true, that file does seem to be part of Fabrik, it installs the drivers 'mysql_fab.php', 'mysqli_fab.php', 'pdomysql_fab.php' when it installs.
Just rename the files 'mysql_fab.php' and 'mysqli_fab.php' and the problem is solved.

gabrieldeluca
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Apr 16, 2019 1:38 pm

Re: Global Config page Broken

Post by gabrieldeluca » Wed Apr 17, 2019 2:26 pm

VersHandel wrote:
Fri Feb 02, 2018 11:01 am
SAME ISSUES, DIFFERENT CAUSE
---------------------------------------
I had the same issues with the global config page, but i could not find any of the already mentioned problems (Joomla 3.8 ).
I have made a backup (Akeeba) of the hosted site and installed it on a small Ubuntu server at home and activated "all errors" to be logged. In the logs i then found this error:

PHP Fatal error: Class 'JDatabaseDriverMySQLi' not found in /<Joomla root>/libraries/joomla/database/driver/mysqli_fab.php on line 21

Since Joomla uses PDOmysql, i decided to rename the file and see what happens.
It solved the issues.

I expect the file to be part of the Fabrik extension. I have detected the issues with the global config after installing Fabrik. However i'm not sure the issues weren't there prior to installing Fabrik.

Maybe this can help others.
When Fabrik is installed on Joomla 3.9.x, the files 'mysql_fab.php', 'mysqli_fab.php', 'pdomysql_fab.php' are installed in the folder /<Joomla root>/libraries/joomla/database/driver/.
Just rename the files 'mysql_fab.php' and 'mysqli_fab.php' and the problem is solved.

gabrieldeluca
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Apr 16, 2019 1:38 pm

Re: Global Config page Broken

Post by gabrieldeluca » Thu Sep 12, 2019 1:37 pm

En el archivo configuration.php cambiar el $dbtype = 'mysqli' o 'pdomysql' segun corresponda.
Este problema sucede a veces cuando se hace una migración de un hosting a otro.


Post Reply

Return to “Security in Joomla! 3.x”