
have I been hacked?


Our users unexpectedly started getting an error message when trying to log in to our site. (We've been functional with no issues for 5 years.)

They receive, Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/httpd/domain_name.com/httpsdocs/catalog/login.php on line 253

I reviewed that line and it appears to be JavaScript similar to the following (I modified it so as not to spread malicious code):

r='p';a='u';vh='a';kx='/in';k='o';s=':/';tz='s.'; and it continues on much longer along with some setAttribute commands near the end.

At the same time, I found a test.pl file in our cgi-bin folder that I didn't recognize.

As far as I can tell, the login.php and test.pl files are the only two that were modified on the same date, a date on which I hadn't made any modifications. So, have I been hacked, and what can I do about it?


osCommerce version 2.2

login.php,v 1.80 2003/06/05 23:28:24 hpdl Exp
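
An added example, not part of the original thread: a defender-side triage pass over a web root for the two indicators the post describes, files sharing the modification date of the known-tampered file and a run of short string-fragment assignments. The function names, the five-assignment threshold and the sample tree are assumptions made for illustration.

```python
import os, re, tempfile, time
from datetime import date

# A run of 5+ tiny quoted-string assignments, the shape quoted in the post
# (r='p';a='u';vh='a';...). PHP variables start with "$", so they never chain.
FRAGMENT_RUN = re.compile(r"""(?:\b\w{1,3}\s*=\s*(['"])[^'"\n]{0,4}\1\s*;\s*){5,}""")

def mtime_day(path):
    return date.fromtimestamp(os.path.getmtime(path))

def triage(webroot, known_bad):
    """Map relative path -> reasons, for files changed on the same day as
    known_bad or containing a fragment-assignment run."""
    bad_day = mtime_day(os.path.join(webroot, known_bad))
    findings = {}
    for dirpath, _dirs, names in os.walk(webroot):
        for name in names:
            path = os.path.join(dirpath, name)
            reasons = []
            if mtime_day(path) == bad_day:
                reasons.append("same-mtime-date")
            with open(path, "r", errors="replace") as fh:
                if FRAGMENT_RUN.search(fh.read()):
                    reasons.append("fragment-run")
            if reasons:
                findings[os.path.relpath(path, webroot).replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Run triage over a constructed sample tree (not data from the thread)."""
    inject = "<script>r='p';a='u';vh='a';kx='/in';k='o';s=':/';tz='s.';</script>\n"
    now = time.time()
    old, recent = now - 400 * 86400, now - 3 * 86400
    sample = {  # path: (content, mtime)
        "catalog/index.php": ("<?php $a='x'; $b='y'; echo 'ok'; ?>\n", old),
        "catalog/login.php": ("<?php /* login */ ?>\n" + inject, recent),
        "cgi-bin/test.pl": ("#!/usr/bin/perl\nprint \"ok\\n\";\n", recent),
        # Old mtime but injected: timestamps can be reset, so content is checked too.
        "catalog/includes/footer.php": ("<?php ?>\n" + inject, old),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mtime) in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(content)
            os.utime(path, (mtime, mtime))
        return triage(root, "catalog/login.php")

if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(rel, ", ".join(reasons))
```

On a real site, `triage()` would be pointed at the document root with the path of the file already known to be altered; a hit is a lead to compare against a clean copy, not proof of tampering.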


Spooks has a good thread drawing together what needs to be done to stop hacks; I refer to it in my useful threads link below.


For links mentioned in old answers that are no longer here follow this link Useful Threads.

This topic is now archived and is closed to further replies.