By dromango on

I did some changes a month ago and everything worked like suppose to. I dont know how long ago the menus stopped working but I have not done anything since month ago.

dont know if its a drupal problem or server. I am currently checking my host provider.

the website is tenoakaustin.com

If you guys spot anything please let me know.

Categories: Drupal 7.x

Comments

mikebrooks’s picture

mikebrooks commented

A click on each menu link does change the URL. This suggests that your menu links are doing their job - a call is made to the server and the page is rendered.

I compared the source of the Elixer and Contact pages, and they are identical.

It appears that all of your URL paths redirect to the home page.

At the bottom of your page, right above the </body> tag there is suspicious content.

My guess is that your site was hacked. Check the .htaccess file in the document root directory. It may have code that is forcing all requests to the home page. Unless you have customized the .htaccess, file, simply replace it with the default version in the version of Drupal that your are using.

If you use FTP to update your site content, change your password and make it difficult. Also update your site's admin password and likewise make it difficult. Check the User page to see if there any user's that do not belong, and remove them.

Good luck.

dromango’s picture

dromango commented

I appreciate the tips. I does seem like the site is compromised. Still having the issue of the links and accessing the dashboard/admin controls....
1. I changed passwords
2. removed a script code inside html body from index.php
3. replaced code in htaccess

what else should I look at?

current htaccess code
used from this site
https://github.com/drupal/drupal/blob/7.x/.htaccess

mikebrooks’s picture

mikebrooks commented

:>(

Do you have a backup of the site?

Perhaps at this point you should replace the site with the last good backup, i.e. code, files and database.

Btw, was your .htaccess file actually compromised? It would be interesting to know what the hack looked like.

dromango’s picture

dromango commented

last backup was 8 months ago.... im not looking forward to fixing a backup with previous corruption for such basic layout. drupal been difficult to work with.

you can see the htcaccess code here if it has been compromised
tenoakaustin.com/htaccesscode.txt

mikebrooks’s picture

mikebrooks commented

Have you spoken with your hosting service yet about this problem? Perhaps they can restore the site from a server image that dates prior to the occurrence of the problem, but more recent than 8 months old.

If your site is hacked, and you do not have a good backup, rebuilding the site may be your only choice.

BEFORE YOU PROCEED, TAKE A FRESH BACKUP OF THE PRODUCTION SITE (all files and database) for safe keeping.

The database in which the configuration is stored, may not have been hacked. If so, you can update Drupal core, contributed modules and themes with the latest versions, one by one, until the problem is hopefully resolved. (This assumes you have not modified core or contributed projects).

If your site has been hacked, there may be files in your server that were put there by the perpetrator. Be sure to remove any files that are not part of Drupal core or contributed projects, unless you know what they are and know they are safe.

I recommend that you try to fix the problem in a local development environment before attempting changes on your production server.

Once resolved in the local environment, you can then update the production site with the working copy.

P.S. As you are new to Drupal forums, I'll point out something you may not know. This is a community forum in which participants such as myself volunteer their time. We try our best, but may not always have their best answer. Advice offered is without warranty. Check out https://www.drupal.org/forum-posting, if you have not already done so.

VM’s picture

VM commented

This does not seem to be a menu issue (menus go to the proper paths) nor does it seem to be a hack. It seems to be an issue with the theme and the content somehow being excluded.

Are there any errors in your drupal logs related to the problem?

If you switch to a core theme does the issue persist?

mikebrooks’s picture

mikebrooks commented

Good suggestions from VM.

I still suspect a hack. The copy of the source I looked at two days ago had the HTML shown below just below the Google Analytics script tag. Today it is no longer there. 

<script type="text/javascript">/* <![CDATA[ */(function(d,s,a,i,j,r,l,m,t){try{l=d.getElementsByTagName('a');t=d.createElement('textarea');for(i=0;l.length-i;i++){try{a=l[i].href;s=a.indexOf('/cdn-cgi/l/email-protection');m=a.length;if(a&&s>-1&&m>28){j=28+s;s='';if(j<m){r='0x'+a.substr(j,2)|0;for(j+=2;j<m&&a.charAt(j)!='X';j+=2)s+='%'+('0'+('0x'+a.substr(j,2)^r).toString(16)).slice(-2);j++;s=decodeURIComponent(s)+a.substr(j,m-j)}t.innerHTML=s.replace(/</g,'&lt;').replace(/>/g,'&gt;');l[i].href='mailto:'+t.value}}catch(e){}}}catch(e){}})(document);/* ]]> */</script>
<script language="Javascript">document.write("<div style=\"position: absolute; top: -999px;left: -999px;\">");</script>Lions DE Jason Jones signs with Dolphins
MIAMI – Former Detroit Lions defensive end Jason Jones has signed with the Miami Dolphins,<a href="http://www.baypackersfansshop.com/aaron-rodgers-jersey-c-1_20/">Aaron Rodgers Jersey</a> adding depth and flexibility to a front four that should be formidable next season.
The deal today was confirmed by the agent for Jones, Michael McCarthney.<a href="http://www.dolphinsonlineshop.com/ryan-tannehill-jersey-c-1_2/">Ryan Tannehill Jersey</a> Jones, a product of Southfield-Lathrup and Eastern Michigan, is expected to back up another Miami newcomer,<a href="http://www.nygiantsvipshop.com/eli-apple-jersey-c-1_37/">Eli Apple Jersey</a> Mario Williams, and Cameron Wake, who is coming off Achilles tendon surgery.<a href="http://www.nyjetsvipshop.com/darron-lee-jersey-c-1_31/">Darron Lee Jersey</a>
Miami also added veteran defensive end Andre Branch this off-season.
Jones, who also can play tackle,<a href="http://www.dallascowboysonlinestore.com/tony-romo-jersey-c-1_46/">Tony Romo Jersey</a> started 31 games the past two seasons for the Lions. He'll be reunited in Miami with tackle Ndamukong Suh.
Suh,<a href="http://www.baypackersfansshop.com/clay-matthews-jersey-c-1_25/">Clay Matthews Jersey</a> Williams and Wake are four-time Pro Bowl players. Miami sought upgrades in the line under new coach Adam Gase (Michigan State) after tying for 26th in sacks and ranking 28th in run defense last season.
Copyright 2016 The Associated Press.<a href="http://www.titansvipshop.com/justin-hunter-jersey-c-1_48/">Justin Hunter Jersey</a> All rights reserved. This material may not be published, broadcast,<a href="http://www.nygiantsvipshop.com/eli-manning-jersey-c-1_13/">Eli Manning Jersey</a> rewritten or redistributed.
The run-stopping, edge-setting defensive end,<a href="http://www.nyjetsvipshop.com/eric-decker-jersey-c-1_20/">Eric Decker Jersey</a> who has the capability of playing inside at defensive tackle, played 31 of 32 games over the past two seasons. He missed most of his first season with the Lions (2013) after suffering a torn left patellar tendon in Week 3.<a href="http://www.seahawksvipshop.com/germain-ifedi-jersey-c-1_46/">Germain Ifedi Jersey</a>
Before Detroit, Jones played one season with Seattle and four with Tennessee, which selected the Eastern Michigan product in the second round of the 2008 draft. Jones has 175 career tackles, with 28 sacks, 10 forced fumbles and one fumble recovery.
ESPN NFL Nation reporters Michael Rothstein and James Walker contributed to this report.<script language="Javascript">document.write"</div>";</script>
dromango’s picture

dromango commented

I've remove that code from the index PHP. I'll look into what's being suggested from you and VM. Thank you for your help and patience I will look into and reply back. where are the Drupal logs?

mikebrooks’s picture

mikebrooks commented

No problem.

To access Drupal logs:

1) Enable the module Database logging (dblog)
2) Navigate to Reports > Recent log messages (/admin/reports/dblog)

dromango’s picture

dromango commented

I couldn't access admin/user page or its log, it just redirects me to the main page.

I did the backup restore I had 8 months ago.

Here is what I noticed after I did the restore,

index.php in ftp manager shows 

<?php

/**
 * @file
 * The PHP page that serves all page requests on a Drupal installation.
 *
 * The routines here dispatch control to the appropriate handler, which then
 * prints the appropriate page.
 *
 * All Drupal code is released under the GNU General Public License.
 * See COPYRIGHT.txt and LICENSE.txt.
 */

/**
 * Root directory of Drupal installation.
 */
define('DRUPAL_ROOT', getcwd());

require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
menu_execute_active_handler();

When I edited index.php, thats when things get weird.

I restored everything back to current and replaced index.php from the previous backup without issues. :)

mikebrooks’s picture

mikebrooks commented

Good news. I see the menus are working now.

I suspect that your version of Drupal 7 has not been updated in a while. Same may be the case for contributed modules that you use. One way to keep your site secure is to keep it current. The current version of Drupal 7 is available for download at https://www.drupal.org/project/drupal (version 7.50).

Cheers - Mike