Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

malware on the index pages


MitkoPetrov

Recommended Posts

Hello all,

 

I need some help solving a malware issue. The index files of the website are infected and I get a malware alert when I try to open a cathegory.

 

The index.html contains a JS/Dldr.Agent.fwe

 

The load.php contains PHP/Pbot.A

 

The index.php file contains a JS/iFrame.FK Java script virus, what should it look like so I can remove it and fix this.

 

I already solved some security treads on the site.

Link to comment
Share on other sites

There is no index.html in osCommerce

 

There is no load.php file in osCommerce

 

The index.php file may have malicious code in it, you will have to check ALL files for malicious code and then check your server for anomalous files.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Here are the first lines of the index.php if it helps:

 

<?php
/*
 $Id$
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2010 osCommerce
 Released under the GNU General Public License
*/
 require('includes/application_top.php');
// the following cPath references come from application_top.php
 $category_depth = 'top';
 if (isset($cPath) && tep_not_null($cPath)) {
   $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
   $categories_products = tep_db_fetch_array($categories_products_query);
   if ($categories_products['total'] > 0) {
  $category_depth = 'products'; // display products
   } else {
  $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
  $category_parent = tep_db_fetch_array($category_parent_query);
  if ($category_parent['total'] > 0) {
    $category_depth = 'nested'; // navigate through the categories
  } else {
    $category_depth = 'products'; // category has no products, but display the 'no products' message
  }
   }
 }
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
 require(DIR_WS_INCLUDES . 'template_top.php');
 if ($category_depth == 'nested') {
   $category_query = tep_db_query("select cd.categories_name, c.categories_image from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = '" . (int)$current_category_id . "' and cd.categories_id = '" . (int)$current_category_id . "' and cd.language_id = '" . (int)$languages_id . "'");
   $category = tep_db_fetch_array($category_query);
?>
<h1><?php echo $category['categories_name']; ?></h1>
<div class="contentContainer">
 <div class="contentText">
   <table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
<?php
   if (isset($cPath) && strpos('_', $cPath)) {
// check to see if there are deeper categories within the current category
  $category_links = array_reverse($cPath_array);
  for($i=0, $n=sizeof($category_links); $i<$n; $i++) {
    $categories_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "'");
    $categories = tep_db_fetch_array($categories_query);
    if ($categories['total'] < 1) {
	  // do nothing, go through the loop
    } else {
	  $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
	  break; // we've found the deepest category the customer is in
    }
  }
   } else {
  $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$current_category_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name");
   }
   $number_of_categories = tep_db_num_rows($categories_query);
   $rows = 0;
   while ($categories = tep_db_fetch_array($categories_query)) {
  $rows++;
  $cPath_new = tep_get_path($categories['categories_id']);
  $width = (int)(100 / MAX_DISPLAY_CATEGORIES_PER_ROW) . '%';
  echo '	    <td align="center" class="smallText" width="' . $width . '" valign="top"><a href="' . tep_href_link(FILENAME_DEFAULT, $cPath_new) . '">' . tep_image(DIR_WS_IMAGES . $categories['categories_image'], $categories['categories_name'], SUBCATEGORY_IMAGE_WIDTH, SUBCATEGORY_IMAGE_HEIGHT) . '<br />' . $categories['categories_name'] . '</a></td>' . "\n";
  if ((($rows / MAX_DISPLAY_CATEGORIES_PER_ROW) == floor($rows / MAX_DISPLAY_CATEGORIES_PER_ROW)) && ($rows != $number_of_categories)) {
    echo '	  </tr>' . "\n";
    echo '	  <tr>' . "\n";
  }
   }

 

When I ran a website check it found a

Suspicious Inline Scripts running:

 

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...