A client contacted us on Friday of last week and told us that he had the following weird problem: every time he clicked on Read Messages (which is located in the You have post-installation messages box) in the backend of his Joomla website, he saw a blank page.
A blank page in Joomla, as you may already know, is a definitive sign of a PHP fatal error somewhere… So, in order to see the error, we set the Error Reporting value to Maximum in the configuration settings, and then we clicked again on the Read Messages link, and we saw the following error:
Fatal error: Class ‘FOFRenderDirs24’ not found in libraries/fof/view/view.php on line 966
Hmmm! What is that FOFRenderDirs24 class? Something smelled very fishy as we have never heard of that class before…
In any case, we checked the line 966 of the view.php file (which is located under the libraries/fof/view folder), and its job was to instantiate an object from a PHP class which name is based on appending the word FOFRender with the name of each and every file name in the libraries/fof/render folder. For example, if the libraries/fof/render folder had two files, one is called first.php, and the other is called second.php, then line 966 would instantiate two objects, one from class FOFRenderOne and the second from class FOFRenderSecond, which means that the first file must define a class called FOFRenderOne, and the second file must define a class called FOFRenderSecond (yes, we know, it’s starting to get confusing a bit – just don’t ask to repeat this paragraph).
Now, the fact that line 966 was failing when instantiating an object from class FOFRenderDirs24 meant only one thing: that there is a file called dirs24.php in the libraries/fof/render and that that file doesn’t define a class called FOFRenderDirs24. So, we checked the libraries/fof/render, and we noticed that we had six files in there, instead of 5 on a standard Joomla 3.6.2 website, and one of them was a zero byte file called dirs24.php. As you might have probably guessed, the dirs24.php was the intruder file, and so deleting that file fixed the problem.
But where did that file come from?
As we have mentioned earlier, the website was previously hacked and freshly cleaned. The cleanup work was done by an automated tool, which emptied files with purely malicious content. The thing is, with Joomla, emptying files (instead of deleting them) is a bad strategy, as the Joomla engine, in certain directories, automatically tries to define classes (and instantiate objects based on those classes) based on the filenames in those directories.
So, if your Joomla website is showing a blank page or a fatal error when you click on that Read Messages button, then you should check the libraries/fof/render for any intruder. If there isn’t any, then the problem might lie elsewhere, and you may need some Joomla experts for help. So go ahead, contact us, we will solve the problem for you, and we won’t charge you an arm and a leg (or even a toe) for it!