Guest Posted September 10, 2008 Posted September 10, 2008 Someone modified my site ( http://www.grillcharms.com/catalog/index.php ) and now it isn't working properly. The only change I could find was on the index.php page. I fixed it now but they had basically uploaded a completely new index page with a few new meta tags: <META NAME="description" CONTENT=" Dr. Singha Acupuncturist promoted alternative preventative medicine holistic natural therapies Ayurveda herbal remedies essential oils massage & hydrotherapy mustard baths for detoxification immune support muscle pain stress relief circulation colds/flu."> <meta NAME="keywords" CONTENT="Dr. Singha, Mustard Bath, Mustard Rub, Tummy Tonic, Travel Tonic, Health Tonic, Morning Comfort, Sick Building Spray, bath, spa, health, ayurvedic, acupuncture, diet, recipes, book, tonic, healing, health, sex, body, camphor, oils, massage, remedy, cooking, naturopathy, homeopathy, osteopathy"> If I wouldn't have made changes with contributions to my index page I would have never noticed this. The next thing is that when you enter your credit card info to make a purchase after you hit submit it takes you to a blank page. I left clicked and here is the code on that page: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html dir="LTR" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Grill Charms</title> <base href="https://grillcharms.com/catalog/"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"> <!-- Begin Daddyroy's Alert --> <br /> <b>Catchable fatal error</b>: Object of class virtual_merchant could not be converted to string in <b>/home/grillcha/public_html/catalog/checkout_confirmation.php</b> on line <b>104</b><br /> Is someone stealing my clients credit card info??? I cannot find another file on my site that has been modified. Does anyone have any ideas? Also, I contacted the company that was mentioned in the meta tags and they had no idea what I was talking about and I beleived them. They are just a small company. I thought it was interesting that they were using the same hosting company as me (hostgator) and they also use OSC. I also noticed a few things in my sites error logs around the same time the index.php file was modified. Here is the error, it occurs several times. [04-Sep-2008 00:49:09] PHP Warning: Zend Optimizer for PHP 5.2.x cannot be found (expected at '/usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so') - try reinstalling the Zend Optimizer in Unknown on line 0 Also I have a version of OSC that I thought was current, it is about a year old. I am about to start updating it but wanted to find the problem here first.
carryG Posted September 10, 2008 Posted September 10, 2008 do you have ssl certificate installed? Credit card information should be safe if you have ssl installed AND are using no mods that allow you to capture credit card data and SSL is enabled in your configs.php files.
♥joli1811 Posted September 10, 2008 Posted September 10, 2008 do you have ssl certificate installed? Credit card information should be safe if you have ssl installed AND are using no mods that allow you to capture credit card data and SSL is enabled in your configs.php files. hi check your login.PHP and the index and login.php also in admin I would also change the name of my admin folder to XXXXXX you have to make the change also in admin/includes/configure.php To improve is to change; to be perfect is to change often.
hfsys Posted September 10, 2008 Posted September 10, 2008 Two of my sites were compromised last night too. Any help/advise will be greatly appreciated.
Guest Posted September 11, 2008 Posted September 11, 2008 hicheck your login.PHP and the index and login.php also in admin I would also change the name of my admin folder to XXXXXX you have to make the change also in admin/includes/configure.php What exactly do I check on those pages??? Also, I do have SSL installed. What does this error code mean??? Catchable fatal error: Object of class virtual_merchant could not be converted to string in /home/grillcha/public_html/catalog/checkout_confirmation.php
♥joli1811 Posted September 11, 2008 Posted September 11, 2008 Well I had a lot of problems a few months ago with hackers using eval unescape script went on for months be wary off a long list of numbers ///<script>eval %77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3///// looks something like this but a lot longer. To improve is to change; to be perfect is to change often.
hfsys Posted September 11, 2008 Posted September 11, 2008 Are you a Host Gator customer by chance? When this happened to me yesterday, I entered a trouble ticket with Host Gator Security. They didn't seem too overly concerned from their response. Then I emailed the actual site that the information was from, the Dr. Singha's site. They responded back today. It looks like an Internal issue at Host Gator to me, now. Their email and my email are below. -------------------------------------- Hello Joe, I have just had a live chat with Host Gator and below is their reply. If you have any questions please contact us. Morris Todd ************** 512-444-**** -------------------------------------------------------- Ibuomi A.: Issues such as these need to be investigated into by our security department as we do not take likely to our system being compromised. We will need details of these issues sent to security @ hostgator . com and we will get to the bottom of it so that it doesn't ever occur again -------------------------------------------------------- Dear Joe, I have no idea what is going on. Sounds awful. It happened to us once. We use Hostgator. We are contacting them. Do you use them too? Please feel free to call us. Anna Searles *********** 512-444-**** On Sep 11, 2008, at 10:57 AM, Info wrote: > > ------ Forwarded Message > From: Joe Schmoe <[email protected]> > Date: Wed, 10 Sep 2008 21:34:34 -0400 > To: "info@******.com" <info@d*****.com> > Subject: Website Hacked > > To Whom It May Concern, > > I would like to know why I have Keywords and Description for your site, now > in my two of my sites. Someone has hacked into two of my osCommerce sites, > messed them up and put your information in there. > > Joe Schmoe >
skunkbad Posted September 12, 2008 Posted September 12, 2008 Well I had a lot of problems a few months ago with hackers using eval unescape script went on for months be wary off a long list of numbers ///<script>eval %77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3///// looks something like this but a lot longer. Do you know where they input this from? I have removed the reviews.php page, as well as many others that allow people to post stuff that will appear on screen. I'm going to take a closer look at some of the contributions that filter input better. I haven't got hacked yet, but don't want to! No Links To My Website Here!
Guest Posted September 12, 2008 Posted September 12, 2008 Are you a Host Gator customer by chance? When this happened to me yesterday, I entered a trouble ticket with Host Gator Security. They didn't seem too overly concerned from their response. Then I emailed the actual site that the information was from, the Dr. Singha's site. They responded back today. It looks like an Internal issue at Host Gator to me, now. Wow, sounds like we have the exact same problem. Yes I use hostgator and so does the Dr singhas site. I actually contacted that company by phone and was pretty rough with them and I have to say I actually beleived the lady when she said she had nothing to do with this. I can't get hostgator to admit to crap and they seem to be trying to blame it on me somehow.... looks like it is time to find a new host, im sick of their BS!!!! Anyway, I think the errors I am getting are related to the PHP update they just did for all of the reseller accounts but im still not sure. Keep me posted on what u find out on this.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.