
Site Hacked Weird product and category urls


keress


I've been cleaning up a hacked site all afternoon. At this point, I'm trying to figure out what happened to product and category URLs. They are missing forward slashes ('/'). Should the DIR_WS_HTTP_CATALOG even be there?

 

 

http://www.greattradingpath.com/DIR_WS_HTTP_CATALOGhoop-drum-p-36.html

 

After that I need to get rid of the involuntary Cialis ads on my home page. I tried uploading the english/index.php file I have, but it didn't touch it.

 

Thanks!


When it shows up IN_ALL_CAPS_LIKE_THAT it means the define for it is missing from the config file.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


Thanks for the quick (and useful) response.

 

I don't even have a line mentioning DIR_WS_HTTP_CATALOG in my configure.php. I found an unfinished line in an installation file, but don't know how it should be completed.


Probably because it's missing - just like I said.

 

Try this:

 

  define('DIR_WS_HTTP_CATALOG', '/catalog/');


From what I can tell those links are in an index.htm file in the root of the site.

 

That's not influenced by any code in the store.


The store is in:

 

DOMAIN/catalog

 

The link you gave to look at was just:

 

DOMAIN

 

So that (under normal conditions) either goes to:

 

DOMAIN/index.htm

DOMAIN/index.html

DOMAIN/index.php

 

Just a process of elimination.

:)


On the first page of the admin there are some items in all caps:

 

BOX_TITLE_STATISTICS

BOX_ENTRY_CUSTOMERS 305

BOX_ENTRY_PRODUCTS 38

BOX_ENTRY_REVIEWS 1

 

The configure.php file does have a line:

 

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

 

so I'm wondering what I should do.


Linda,

 

Those are language definitions that should appear in your /admin/includes/languages/english.php

 

 

 

 

Chris


Thanks. That fixed that, but now there's still some malicious code on the site, somewhere. Every few hours a particular file goes missing--includes/classes/seo.class.php. I keep getting this message instead of the front page.

 

Warning: include_once(includes/classes/seo.class.php) [function.include-once]: failed to open stream: No such file or directory in /home/greattra/public_html/catalog/includes/functions/html_output.php on line 83

 

Warning: include_once() [function.include]: Failed opening 'includes/classes/seo.class.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greattra/public_html/catalog/includes/functions/html_output.php on line 83

 

Fatal error: Class 'SEO_URL' not found in /home/greattra/public_html/catalog/includes/functions/html_output.php on line 86

 

 

Once I upload it again, the site reappears. I guess this must mean the database is compromised. The only backup I have will lose a lot of work. Is there any way to clean this one up?


Changing permissions did nothing. After about 8 hours, the old seo.class.php file was 'missing' again and the site broken.

 

Am I correct that this hack must be in the database? If so, is there some other way to root it out? Or what else could it be?


Your database cannot alter or remove files. You still have hacker code on your site, either in a new file or in an altered existing file. You need to find that code and remove it.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.


The best solution is to wipe the entire site and replace it with a clean copy of osCommerce from your backups. If you don't have a backup, now you know why you should.

 

Otherwise you need to compare your site with a stock copy of osCommerce. Any PHP file that you have on your site that is not in stock osC is suspect and must be examined for hacker code. Any PHP file in a directory that should not have PHP files, particularly the images directory, is a hacker file and must be removed. Then you need to compare every PHP file on your site with the stock file to check for possible hacker code.

 

You need to close your entire site while you are working on this. Use your host's control panel to password protect the entire site.

 

Read the pinned posts in the Security forum for more tips and for Addons that may help you find the hacker code and protect against further hacks.

 

Regards

Jim

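The comparison described in the post above, as an added example that is not part of the original thread and not osCommerce code: it sorts a site's PHP files into those sitting in a directory that should hold none, those absent from the stock copy, and those whose contents differ from stock. The function names, the extension list and the constructed sample trees are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_EXTS = {".php", ".phtml", ".php5"}   # assumption: extensions treated as PHP
NO_PHP_DIRS = ("images",)                # top-level dirs that should hold no PHP

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def php_files(root):
    """Map relative path -> absolute path for every PHP file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in PHP_EXTS}

def compare(site_root, stock_root):
    """Classify the site's PHP files against a stock copy."""
    site, stock = php_files(site_root), php_files(stock_root)
    report = {"in_no_php_dir": [], "not_in_stock": [], "modified": []}
    for rel, path in sorted(site.items()):
        if rel.split("/")[0] in NO_PHP_DIRS:
            report["in_no_php_dir"].append(rel)      # remove
        elif rel not in stock:
            report["not_in_stock"].append(rel)       # suspect: examine
        elif sha256(path) != sha256(stock[rel]):
            report["modified"].append(rel)           # diff against stock
    report["missing"] = sorted(set(stock) - set(site))
    return report

def demo():
    """Run compare() on two small constructed trees (sample data, not real)."""
    trees = {
        "stock": {"index.php": "<?php // stock", "includes/a.php": "<?php // a"},
        "site": {"index.php": "<?php // stock", "includes/a.php": "<?php // edited",
                 "includes/extra.php": "<?php // ?", "images/x.php": "<?php // ?"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, body in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        return compare(Path(tmp, "site"), Path(tmp, "stock"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Legitimate add-on files and locally edited files will also be listed, so each entry is a file to read, not a verdict. Run `compare()` on a downloaded copy of the site against an unpacked stock release of the same osCommerce version.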

Hi

 

My site was hacked and I think I have cleaned my site by deleting the additional PHP files and JavaScript files.

 

However, I must have missed something, since my site generates erroneous URLs such as

 

http://uniservaviation.com/contact_us.php/action/success

 

 

where I would expect

 

http://uniservaviation.com/contact_us.php?action=success

 

 

Does anyone have any idea why this is happening? Does it have to do with the .htaccess file? What could cause this wrong creation of URLs? Has anyone faced a similar issue?

 

Thanks
