Late last night I realized that the traffic for Question-Defense.com was way down for the day and thought it was related to some recent updates I had performed on the site. I spent probably an hour or so last night verifying that nothing was out of the ordinary with the site and wasn’t able to find any issues. Upon waking up this morning the traffic again was extremely low for this time of the day even on a Saturday so we started to investigate. One of the referrers that traffic had dramatically decreased for was Google so we went to Google and performed a search that we knew would return a link to Question-Defense.com. Sure enough upon clicking on the link to Google we hit the question-defense.com URL and then we were immediately redirected to finditnow.osa.pl. Below we describe the issue in more detail, provide specifics about how our site was hacked, and provide the information needed to locate and resolve the problem.
Failed loading /usr/sbin/ioncube_loader_lin_5.2.so: /usr/sbin/ioncube_loader_lin_5.2.so: undefined symbol: zend_error_noreturn
After upgrading PHP recently on a CentOS Linux server from PHP 5.2.X to PHP 5.3.X I ran into numerous minor issues. One of the issues was with a web application that requires the ionCube PHP Encoder libraries to function properly. After upgrading PHP I noticed some errors in the Apache error logs including the ionCube Apache module that was failing to load. Below I display the entire error from the Apache error_log file and how to easily resolve the issue by installing a single package via the Yum Package Manager.
I recently upgraded a CentOS Linux servers PHP from 5.2.X to 5.3.X and ran into a couple minor issues along the way. One of the issues was the fact that one of my applications was complaining about PHP’s date function by letting me know that it could not rely on the system’s timezone setting. Fixing this problem is extremely easy and can most likely be resolved by a quick edit to the servers php.ini file as described in detail below.