mxboxalicante Posted March 26, 2011

Dear colleagues, for a few weeks now I have been spending more time restoring backups of osCommerce than with my family. Practically every day when I type in my web page I get messages of this type:

Fatal error: Call to a member function add_current_page() on a non-object in /web/htdocs/www.mxboxalicante.com/home/catalog/includes/application_top.php on line 325

Every day it is a different file. I have installed all the security add-ons that I could, but it is still the same. What do you think it can be? Has someone stolen my FTP password, and are they modifying my .php files over FTP? This morning, for example, I had 11 files modified at 2:30 in the early morning.

Best Regards

Taipo Posted March 26, 2011

Your cookie_usage.php file is infected with code that allows an attacker to upload files and overwrite files. Restore the original file.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

satish Posted March 26, 2011

The add_current_page() error suggests that your session variable is not a global variable. Apply the register globals patch.

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does.

Taipo Posted March 26, 2011

If you go to http://www.mxboxalicante.com/catalog/cookie_usage.php?cookies=1 you can see there is a message displayed:

Goog1e_analist_certsv..1

To the attacker this means they can exploit this file to overwrite any file on your server, check file permissions of other files, read file content, and upload any file they choose. I wrote an explanation of this here.

There is no security change you can make that can prevent them exploiting this file in this manner. You need to find an original install of cookie_usage.php and restore it to your site. This current file probably had code appended into it before you patched your site with security changes.

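The advice above is to restore cookie_usage.php from an original install, and the first post reports a different file changing every day. The following is an added example, not code from this thread or from osCommerce: it compares the .php files of a live catalog directory with a clean copy of the same release and separates files that had code appended from files that were otherwise changed or newly uploaded. The function names and the sample trees are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

def php_files(root):
    """Map relative path -> Path for every .php file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".php"}

def compare_trees(clean_root, live_root):
    """Classify live .php files against a known-clean copy of the same release."""
    clean, live = php_files(clean_root), php_files(live_root)
    report = {"appended": [], "modified": [], "unexpected": []}
    for rel in sorted(live):
        if rel not in clean:
            report["unexpected"].append(rel)  # not in the release, e.g. uploaded
            continue
        original, current = clean[rel].read_bytes(), live[rel].read_bytes()
        if current == original:
            continue
        # Original bytes intact with extra bytes after them: code was appended.
        kind = "appended" if current.startswith(original.rstrip()) else "modified"
        report[kind].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Compare two small constructed trees (sample data, not real shop files)."""
    with tempfile.TemporaryDirectory() as tmp:
        def put(tree, rel, data):
            path = Path(tmp, tree, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        page = b"<?php echo 'cookies'; ?>\n"
        put("clean", "cookie_usage.php", page)
        put("clean", "index.php", b"<?php echo 'home'; ?>\n")
        put("live", "cookie_usage.php", page + b"<?php /* constructed appended code */ ?>\n")
        put("live", "index.php", b"<?php echo 'changed'; ?>\n")
        put("live", "includes/x.php", b"<?php ?>\n")
        return compare_trees(Path(tmp, "clean"), Path(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

Files whose line endings were converted during transfer will show up as modified, so run the comparison on copies downloaded in binary mode.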
Archived
This topic is now archived and is closed to further replies.