Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Finding extra code in html_output.php


Recommended Posts

I have been finding this in my server logs: GET /osc/index.php?cPath= HTTP/1.1" 200


When you added that to my site's full URL it leads to a TEST page. I found the image on that test page in my images folder on the server. My site is hosted by TechSquared out of Roanoke, VA. I never put that image there, so assume someone else did. That image was put on the server on a certain date, so I checked other pages on the server for that date and found that the html_output.php page in the Includes/Functions folder had been altered on the same date. So I compared that page to the original one and they are slightly different. The different code is:


if(!file_exists($src) && file_exists('../'.$src)){

copy('../'.$src, $src);



It comes right after this:



// The HTML image wrapper function

function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {

if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {

return false;



Can you tell me what that extra code is doing? Is this normal or has someone hacked the page?


I have blocked the IP in htaccess. But I am still finding that type of posting all the time in my server logs with a variety of different initiating IPs. My concern is that whoever owns (from Iran) is using my site for some nefarious purpose.


Thank you.


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...