Baikal stopped working, now exec format error

[fronzelneekburm84]

Hello. First of all: thank you for this great tool. I have been using Baikal for a couple of years, syncing my calendar and address books between my phones and different desktop and laptop computers.

A while ago, I suddenly got error messages in TBSync (Thunderbird) and DavX5 (Android/Graphene). It's a mystery: I hadn't changed a thing on my configuration. My web host also claims to not have changed a single thing.

I also noticed I can't reach the Baikal web environment anymore.

Yet, it doesn't work. I have been trying a clean install, but I cannot reach it. The error I get is 'exec format error'.

Check out: https://jjkoning.nl/cgi-bin/baikal/html/ (original installation) https://jjkoning.nl/cgi-bin/bcalcard/html/ (new attempt of an installation)

I hope anyone with a bit of knowledge of this can help me out or point me in the right direction where I should find a solution. (I by the way would gladly hire a professional to fix it for me, I just need it to work....)

Thank you!

[HDValentin]

Could you proviede some more information on your hosting environment? Which PHP Version are you using? Have you tried to put it outside the cgi-bin directory, for example in https://jjkoning.nl/baikal/html/?

[fronzelneekburm84]

Thanks for your response, really appreciated it! Additionally it may be useful to post the error that TB Sync in Thunderbird returns:

---

URL: http://jjkoning.nl/baikal/html/dav.php/calendars/pixelsociety/default (PROPFIND)

Request:

Response: Composer detected issues in your platform: Your Composer dependencies require a PHP version ">= 8.1.0". ----------------------------------------------------------------------------------------------- I never noticed this before, but since you also asked for my PHP version... I found a "PHP Selector" app in my DirectAdmin. It was set to 7.3. I changed it to 8.3 (the highest possible option). Now the TB Sync error changed: ----------------------------------------------------------------------------------------------- URL: http://jjkoning.nl/cgi-bin/baikal/html/dav.php/calendars/pixelsociety/default (PROPFIND) Request: Response: lscgid: execve():/home/web1749/domains/jjkoning.nl/public_html/cgi-bin/baikal/html/dav.php: Exec format error ----------------------------------------------------------------------------------------------- That resembles the error I get when I visit the php file directly in my web browser. Now I followed your advice, placed it outside the cgi-bin. Now the error changes to: ----------------------------------------------------------------------------------------------- Could not find a CalDAV server. ----------------------------------------------------------------------------------------------- (I did update the "baikal.yaml" file with the different path outside cgi-bin. Hope you see something interesting here.... Thanks again!

[HDValentin]

On the place it was before: Can you execute a composer update in the shell? Or something similar at your hosters admin interface?

The admin-page is inaccessible: https://jjkoning.nl/cgi-bin/baikal/html/admin/

Is there a .htaccess file in the baikal folder?

[fronzelneekburm84]

You mean put it back outside the cgi-bin? It is currently inside the cgi-bin again.

There is no .htaccess file in /baikal and also not in /baikal/html/admin there is one in /baikal/html

it says

---

Disabling cache management

that could cause problems with DAV requests

Useful only for Apache servers, with AllowOverride All

(ie, .htaccess files enabled)

Allow HTTP headers with Apache/FastCGI

See http://code.google.com/p/sabredav/wiki/Authentication#Apache_+_(Fast)CGI

RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] ExpiresActive Off Redirect 308 /.well-known/caldav /dav.php Redirect 308 /.well-known/carddav /dav.php

---

(hope it is not unsafe to share this information, may delete it later.)

As for 'execute a composer update ion the shell' -> I'm afraid I am unfamiliar with what composer is and how this works.

[HDValentin]

It should sit in baikal/html/

The initial .htaccess file looks like

# Disabling cache management
# that could cause problems with DAV requests
# Useful only for Apache servers, with AllowOverride All
# (ie, .htaccess files enabled)

# Allow HTTP headers with Apache/FastCGI
# See http://code.google.com/p/sabredav/wiki/Authentication#Apache_+_(Fast)CGI

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive Off
</IfModule>

<IfModule mod_alias.c>
    Redirect 308 /.well-known/caldav /dav.php
    Redirect 308 /.well-known/carddav /dav.php
</IfModule>

I am interessted how you have installed your baikal on the hosting. Have you downloaded the zip file at Releases or have you used docker, composer or something else?

[fronzelneekburm84]

Ah so if I understand you correctly: "it should sit in baikal/html/" means I need to have a .htaccess file in baikal/html/ That's the current situation. Only baikal/html has the .htaccess file.

Should I change the contents of the .htaccess file to that code you just gave me?

I am not familiar with docker or composer. I am only familiar with mysql and php and I just manually unpacked it. I installed it back in -I think- 2020 or so. By just unpacking the zip file and modifying the files with the settings (database settings etc.). It worked fine for a couple of years. Then, suddenly, out of nowhere, it stopped. My web host says he didn't change anything either, so it's kind of a mystery what happened.

[HDValentin]

That's the current situation. Only baikal/html has the .htaccess file.

That is good.

Should I change the contents of the .htaccess file to that code you just gave me?

The question is: Why is it different? And are there more files different to the files in the release zip file?

By just unpacking the zip file and modifying the files with the settings

It is a common way to do this.

Then, suddenly, out of nowhere, it stopped. My web host says he didn't change anything either, so it's kind of a mystery what happened.

This sounds a bit weird. Which Version was installed at last?

What you can try

Make a new folder on https://jjkoning.nl/ for example "testbaikal" Upload the contents of the 0.9.5 to this folder. Is the new baikal running there?

What else

Could you please post the content of your baikal/config/baikal.yaml file? Before posting here delete sensitive information, like admin_passwordhash and database informations

[fronzelneekburm84]

Wow! I got it working! I did what you said: used a clean install. I used that to connect to my already existing databases... and now I got access to all my original calendar and card content! Phew, that's such a MAJOR relief, I'm so happy with this.

So... I still don't really know what happened. I see two real changes:

• Placing the app outside cgi-bin (but why did it work in cgi-bin before? hmm... anyway, glad it works!)
• My htaccess, yaml etc. files got modified. Is it possible I got hacked? I also see some curious users in my database-user list.... in that case, the last advice I ask you is: is there anything I should do after installing Baikal to protect it against some form of hacking?

Curious about your thoughts. Also: really grateful for your help! If there's anything I can do, let me know! Thanks!

[ByteHamster]

The error message complains about execve but Baikal does not use execve anywhere.

Is it possible I got hacked?

I tend to believe yes. Otherwise I cannot explain where that execve could come from. As far as I know, adding execve is a common way to add backdoors to servers.

is there anything I should do after installing Baikal to protect it against some form of hacking?

This is likely not a problem of Baikal but a problem of your entire server. If there is something that can modify Baikal's source code, it has much more privileges on your server than just anything related to Baikal. Also, it has probably added backdoors to other files on your server.

This likely either comes from another project on your server or directly through ftp. You probably chose a weak password somewhere. My suggestion would be to remove all php files on the server, change your ftp password, and install everything from scratch again.

Closing because the Baikal problem is solved and the remaining server problem is outside the scope of Baikal.

[fronzelneekburm84]

Well thank you again so much and I will immediately see to those actions you recommend. Really grateful for your help, thank you!