DorianJ Posted December 20, 2008 Share Posted December 20, 2008 Something is hijacking my osCadmin settings. When a new customer signs up, it is requiring them to enter their date of birth. If I change this setting in Admin > Configuration > Customer Details > Date of Birth = false, nothing changes. It remains TRUE. I even changed this value in phpMyAdmin to false. As soon as I open a test account, this value is reset to true. What is causing this? -Dorian Link to comment Share on other sites More sharing options...
Jan Zonjee Posted December 20, 2008 Share Posted December 20, 2008 What is causing this? Sounds impossible but perhaps you used that contribution to cache the values from the table configuration. Link to comment Share on other sites More sharing options...
FIMBLE Posted December 20, 2008 Share Posted December 20, 2008 are you able to save any admin settings? Sometimes you're the dog and sometimes the lamp post [/url] My Contributions Link to comment Share on other sites More sharing options...
DorianJ Posted December 20, 2008 Author Share Posted December 20, 2008 Sounds impossible but perhaps you used that contribution to cache the values from the table configuration. I honestly have no idea what contrib that would be. -Dorian Link to comment Share on other sites More sharing options...
Jan Zonjee Posted December 20, 2008 Share Posted December 20, 2008 I honestly have no idea what contrib that would be. Faster Page Loads, Less DB queries Link to comment Share on other sites More sharing options...
DorianJ Posted December 20, 2008 Author Share Posted December 20, 2008 are you able to save any admin settings? Yes. I can save all the settings for "Customer Details". I can log out of the osCadmin and log back in and all of those settings are still saved. As soon as this page loads (https://...com/create_account.php), then the database value for Date of Birth is automatically changed to true and it forces the customer to enter their DOB before letting them checkout! Not good! :angry: -Dorian Link to comment Share on other sites More sharing options...
DorianJ Posted December 20, 2008 Author Share Posted December 20, 2008 Faster Page Loads, Less DB queries Nope, I know for a fact I have not installed that contrib. -Dorian Link to comment Share on other sites More sharing options...
GemRock Posted December 20, 2008 Share Posted December 20, 2008 i would rather delete the code for dob (both entry & validation) in relevant files eg creat account etc. for the time being, ang then look back & find out if you bother... Ken commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile). over 20 years of computer programming experience. Link to comment Share on other sites More sharing options...
DorianJ Posted December 20, 2008 Author Share Posted December 20, 2008 I was wrong. index.php and product_info.php and every page in the Admin are causing this to happen. So when the HOME page or any PRODUCT CATEGORY page or ADMIN PANEL page gets loaded, then the Date of Birth value changes to true. The individual product pages and customer login pages and checkout pages do not change this value. Every other page does. -Dorian Link to comment Share on other sites More sharing options...
tonymazz Posted March 27, 2009 Share Posted March 27, 2009 I was wrong. index.php and product_info.php and every page in the Admin are causing this to happen. So when the HOME page or any PRODUCT CATEGORY page or ADMIN PANEL page gets loaded, then the Date of Birth value changes to true. The individual product pages and customer login pages and checkout pages do not change this value. Every other page does. I am having the same issue. It just started today & is very frustrating. Did you discover the issue? Can you help me with a solution. Thanks! Tony Mazz Link to comment Share on other sites More sharing options...
Guest Posted October 6, 2009 Share Posted October 6, 2009 I too struggled with this so got Tony from Logon.info to sort it out for me. He says he couldn't fix it the way I wanted and had no idea what was causing the problem but he commented out the code for the DOB and now even though it shows in the admin panel as true, it doesn't appear on the customer page and as such the problem is fixed, albeit by going around the problem. Link to comment Share on other sites More sharing options...
jonquil Posted December 7, 2009 Share Posted December 7, 2009 In a client's case, they had been hacked. The first clue was as described here: DOB requirement changed from false to true all by itself. The second clue was all the root php files had the same date. No one was accessing that day (except the hacker). Download the root php files without overwriting a good backup and, with a text editor, search for "xong". If you find it, you've been hacked. Want to be sure? Compare your index.php with an untainted index.php. You may find the following: $td_query = tep_db_query("UPDATE `configuration` SET `configuration_value` = 'true' where `configuration_key` = 'ACCOUNT_DOB'"); Goal of said hacker? To capture credit card and sensitive personal details and insert into hacker's data base. Check your banner manager. Got a new one you don't recognise? If so, delete it. Back up your data base. Replace ASAP: 1. All root PHP files with known good backups. 2. admin/application_top.php 3. Have a file named affiliate_help9.php you never had before? Delete it. 4. Check your access logs for "boot.php" or "q_boot.php". The date of the root files hacked will guide you to the right access log. 5. Rename your "admin" directory to something else; change the name of your data base and its password. 6. Make sure your configure files match. 7. Change your host password, including FTP and email. 8. if your have admin/file_manager.php, for Lord's sake, DELETE it. 9. Again back up your data base and delete all previous backups. You should have them downloaded and archived anyway :) If any of this has applied to you, post back here with your findings :) jon It's all just ones and zeros.... Link to comment Share on other sites More sharing options...
yboti Posted December 17, 2009 Share Posted December 17, 2009 Excellent post, Jon. Well documented. I am curious if anyone else has run across this. I do have one additional note to those who follow this path. Then you rename your /admin/ folder you must also modify /admin/includes/configuration.php and chance each instance of "/admin/ to reflect your new folder name. And to do that you must set permissions on that file so you can write to it, and finally, change them back to secure your settings. Put a face on your business Communicate through video http://www.helloworld.com/yboti Link to comment Share on other sites More sharing options...
Guest Posted February 15, 2011 Share Posted February 15, 2011 Old thread, but this should help. From the root directory find . -name "*.php" -exec grep "ACCOUNT_DOB" '{}' \; -print and find . -name "*.php" -exec grep "td_query" '{}' \; -print That will help you find where they hid the hacks. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.