Web address: http://fiction.thebasiliskcafe.net/
efiction version: 3.5.2
My entire web host account was hacked and I've fixed most of it but some of the efiction files I had were older. Now I am receiving this error on the home page:
_FATALERRORQuery: SELECT * FROM fanfiction_settings WHERE sitekey = 'v7kpbJLMB5'
Error: (1054) Unknown column 'sitekey' in 'where clause'
First try re-uploading all the eFiction files over what's up there now to make sure they're all the latest ones.
What version were you running previously?
I updated the files to a fresh 3.5.2 download and am now getting this error
Fatal error: Call to undefined function accessdenied() in /home/siliel85/fiction.thebasiliskcafe.net/includes/mysqli_functions.php on line 19
As for the previous uploaded files, I think most were 3.5.1
Are you sure you were running version 3? The sitekey field was included from version 3 on...maybe even version 2 but I'd have to check. Did you check not just your files, but your database from this hack? That error is saying that the sitekey field in the settings table is missing. I think you'd better check your database for changes the hacker might have made.
I was running 3.5.2 before the hack, though the fanfiction_settings table on the database only has: welcome, thankyou, nothankyou, rules, copyright, help columns. There is another table fanfiction_stats with a sitekey column.
Your settings table is is looking really strange. What you've listed sounds like some of the messages you can change in Admin > Settings (found in fanfiction_messages).
This is what it's meant to look like:
CREATE TABLE `fanfiction_settings` (
`sitekey` varchar(50) NOT NULL default '1',
`sitename` varchar(200) NOT NULL default 'Your Site',
`slogan` varchar(200) NOT NULL default 'It''s a cool site!',
`url` varchar(200) NOT NULL default ' http://www.yoursite.com',
`siteemail` varchar(200) NOT NULL default 'you@yoursite.com',
`tableprefix` varchar(50) NOT NULL default '',
`skin` varchar(50) NOT NULL default 'default',
`hiddenskins` varchar(255) default '',
`language` varchar(10) NOT NULL default 'en',
`submissionsoff` tinyint(1) NOT NULL default '0',
`storiespath` varchar(20) NOT NULL default 'stories',
`store` varchar(5) NOT NULL default 'files',
`autovalidate` tinyint(1) NOT NULL default '0',
`coauthallowed` int(1) NOT NULL default '0',
`maxwords` int(11) NOT NULL default '0',
`minwords` int(11) NOT NULL default '0',
`imageupload` tinyint(1) NOT NULL default '0',
`imageheight` int(11) NOT NULL default '200',
`imagewidth` int(11) NOT NULL default '200',
`roundrobins` tinyint(1) NOT NULL default '0',
`tinyMCE` tinyint(1) NOT NULL default '0',
`allowed_tags` varchar(200) NOT NULL default '<b><i><u><center><hr><p><br /><br><blockquote><ol><ul><li><img><strong><em>',
`favorites` tinyint(1) NOT NULL default '0',
`multiplecats` tinyint(1) NOT NULL default '0',
`newscomments` tinyint(1) NOT NULL default '0',
`logging` tinyint(1) NOT NULL default '0',
`maintenance` tinyint(1) NOT NULL default '0',
`debug` tinyint(1) NOT NULL default '0',
`captcha` tinyint(1) NOT NULL default '0',
`dateformat` varchar(20) NOT NULL default 'd/m/y',
`timeformat` varchar(20) NOT NULL default '- h:i a',
`recentdays` tinyint(2) NOT NULL default '7',
`displaycolumns` tinyint(1) NOT NULL default '1',
`itemsperpage` tinyint(2) NOT NULL default '25',
`extendcats` tinyint(1) NOT NULL default '0',
`displayindex` tinyint(1) NOT NULL default '0',
`defaultsort` tinyint(1) NOT NULL default '0',
`displayprofile` tinyint(1) NOT NULL default '0',
`linkstyle` tinyint(1) NOT NULL default '0',
`linkrange` tinyint(2) NOT NULL default '5',
`reviewsallowed` tinyint(1) NOT NULL default '0',
`ratings` tinyint(1) NOT NULL default '0',
`anonreviews` tinyint(1) NOT NULL default '0',
`revdelete` tinyint(1) NOT NULL default '0',
`rateonly` tinyint(1) NOT NULL default '0',
`pwdsetting` tinyint(1) NOT NULL default '0',
`alertson` tinyint(1) NOT NULL default '0',
`disablepopups` tinyint(1) NOT NULL default '0',
`agestatement` tinyint(1) NOT NULL default '0',
`words` text,
`version` varchar(10) NOT NULL default '3.0',
`smtp_host` varchar(200) default NULL,
`smtp_username` varchar(50) default NULL,
`smtp_password` varchar(50) default NULL,
`anonchallenges` tinyint(1) NOT NULL default '0',
`anonrecs` tinyint(1) NOT NULL default '0',
`rectarget` tinyint(1) NOT NULL default '0',
`autovalrecs` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`sitekey`)
) TYPE=MyISAM;
That fixed it, thank you guys!
Since that fixed it I would VERY carefully go through your database. The hacker may have left you some hidden surprises. In fact, if you've got a backup of your database from before the hack, I would restore that. If not, I would do searches on the story and chapter titles, summary, and (if storing in the database) the chapter texts for script tags, php code, and anything else you can think of that the hacker might have left. I'd also look carefully at the hooks table in the database that has code in it already, but I'd read through it if I were you to see if there's something that seems out of place. If you store the story texts in files, I'd read through those directories as well to make sure the hacker didn't leave behind any hidden files there.
