Guest Posted June 21, 2009 Share Posted June 21, 2009 Our users unexpectedly started getting an error message when trying to log-in to our site. (We've been functional with no issues for 5 years) They receive, Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/httpd/domain_name.com/httpsdocs/catalog/login.php on line 253 I reviewed that line and it appears to be a javascript similar to the following, (I modified it so as not to spread malicious code), r='p';a='u';vh='a';kx='/in';k='o';s=':/';tz='s.'; and it continues on much longer along with some setAttribut commands near the end. At the same time, I found a test.pl file in our cgi-bin folder that I didn't recognize. As far as I can tell, the login.php and test.pl file are the only two that were modified on the same date, a date which I hadn't made any modifications. So, have I been hacked, and what can I do about it? osCommerce version 2.2 login.php,v 1.80 2003/06/05 23:28:24 hpdl Exp Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted June 21, 2009 Share Posted June 21, 2009 Spooks has a good thread drawing together what needs to be done to stop hack, I refer to it in my useful threads link below. Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.