Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by Demitry

  1. hi, I'm trying to figure out why I keep getting a ton of these .mx files inserted as copies of all the .php files on the sub-domain I am working on. The files look like this: .mx.99063925.mx though with different numbers for each file,.. and when you open one of these files, its content is identical to one of the .php files I have in the same directory. These .mx files are not generated for any other extension except for .php and each of the .mx file sizes matches the same .php file. They are basically clones of all the .php files. I cleaned them out of every folder and a day later they all reappeared. That happened three times now. This file type is commonly associated with email files, but these are not email files and have nothing to do with that. They are also not desktop files as detailed in this article. https://www.reviversoft.com/file-extensions/mx I called my hosting company several times and they have no idea of what it is. The only thing I was told, was that their higher tier tech support came across this problem once before with a WordPress site and after running a shell script to clean all the .mx files, the issue never came back. They are now trying to figure it out and doing a full site scan. I thought it might be a hack, but this is unlikely. I've done a number of scans for viruses & malware and they all came back clean. I have nothing in my error log and no noticeable issue browsing the site. There is also nothing in the console via Chrome Developer Tools. The .mx files just add clutter to the directory structure and nearly double the size of the osC software. I searched everywhere on this issue (including osC forums) and could not find anything of value. I'm just wondering if anyone has come across this issue before and how it was resolved? Here is an image of FileZilla showing these .mx files.
  2. Demitry

    Database Optimizer

    I totally understand! I have a bunch of addons that I don't care to dedicate time to for a completely dead software. Cheers for doing this update! I appreciate it.
  3. Demitry

    Database Optimizer

    Just an addition/addendum to my previous comment. Although there is a folder in the package for osC versions Before_2.3, ..there is a large gap from version 2.2 to the Flatline version, including osC versions 2.3, 2.4, BS Edge, Gold, and everything in between. This is no longer an issue for me, but it could be for anyone else who has an osC version that is part of that gap.
  4. Demitry

    Database Optimizer

    Sorry Jack,.. my mistake on that point. I had to look at the package again to see this. I skipped over that folder because I have BS Edge, which is after version 2.3 UPDATE: I ran a test database optimization after making that change you mentioned and there was no PHP warning. So, it works! Thanks.
  5. Demitry

    Database Optimizer

    This is not in that package for version 1.8 ...and I have BS Edge as I originally stated, which is after version 2.3.4. The oldest version in that package is Flatline. For number two, I had made the fix as I stated, in my post above. I was just letting you know about this as a potential issue for others updating to this latest version because without that PHP function defined, you get a PHP Fatal Error. As for number three, thank you for the fix. I have not applied it yet, but will, and I'll test it afterwards. I am on PHP7.2 at this time, so this might be the cause of this PHP warning. Thank you for your reply.
  6. Demitry

    Database Optimizer

    @Jack_mcs hi Jack, I updated all the files for the new 1.8 version of this addon and ran it for the first time last night. One of the errors I got was for the tep_draw_bootstrap_button() function for that Update button. I have BS Edge and since there is nothing in the package for any osC versions older than Flatline (Frozen), I had to apply the changes for that version to BS Edge. However, in doing so, I noticed that Flatline does not have the tep_draw_bootstrap_button() function defined either. I got this function from Zombified Phoenix and the Update button now displays & works as it should. The other issue was a PHP warning I got regarding a non-numeric value related to the following file and line. The database optimization summary is also listed below. I looked up that line and here it is. $dateOrder = date("Y-m-d", time() - ($config['orphan_orders'] * 86400)); So, three issues: 1) There is no package solution for any osC versions older than Flatline (Frozen) 2) The tep_draw_bootstrap_button() function does not exist in Flatline for the Update button, which is in the admin/database_optimizer.php file 3) The calculation for $dateOrder variable in admin/includes/modules/database_optimizer_common.php on line 165 is producing a PHP warning of a non-numeric value I should also mention that I have not made any adjustments to the default setting in the configuration part of this addon.
  7. @domiosc So, I Googled this and did find a couple of articles on a malware injected into a site using .ico files. Here are the articles: https://blog.quttera.com/post/suspicious-icon-files-on-your-website/ https://www.theregister.com/2015/03/25/blank/ If you do regular back-ups, I would go back to the back-up you did just prior to this problem occurring and compare all folders using a comparison tool. This may not find the issue, but it is a good place to start.
  8. @ecartz Hey thanks Matt, That MS2.2 site is going away soon, but based on this conversation, I'll go ahead and remove that MS2.2 configuration cache addon. For some reason, I just did not think that my subdomain would be affected from a higher directory tier.
  9. yes, that's the same app. However, this addon is based on old MS2.2 code and does not reside in my subdomain, which is BS Edge with PHP7.2 And, the old MS2.2 site was not affected at all. I do have this addon for the BS Edge subdomain, but it is different (designed for the later version of osC) and in my opinion, more secure than the MS2.2 version.
  10. ok, thanks Matt. The shell scan for viruses and malware came back from the hosting company and it listed a bunch of files with hack related strings that it found. However, all those terms relate to security files and were not responsible for anything malicious. There was one file that was not consistent with the findings as the rest. This file is part of an older MS2.2 addon and resides higher up in the directory structure and not in my subdomain. I'm not sure if this is the culprit or not, though as I mentioned before, these .mx regeneration of duplicate .php files has not happened after the third time. here is the line that was found by the hosting company's shell scan. "/home/*******/public_html/***renamed-admin***/includes/configuration_cache.php": "hex match,{HEX}php.gzbase64.inject.452.UNOFFICIAL",
  11. The one thing I noticed, is that everything you posted is based on HTTP/1.0 -- this is an old protocol. Most everything today has moved to HTTP/2.0. You need to contact your hosting company to find out if their servers are on HTTP/2.0. If they are not, you need to switch to a different hosting company. HTTP\2.0 is faster and more secure. After doing this, you need to do a site-wide search for HTTP\1 and/or for $_SERVER["SERVER_PROTOCOL"] and manually change related instance of that HTTP\1.0 or HTTP\1.1 to HTTP\2.0. When I had to do this, it was about 25 files. Things like this are always a problem when you are upgrading from a much older version to a new one. I believe it is always better to start with the latest version of the CMS and customize it from scratch. Don't keep trying to upgrade from older versions of osC, this software is not designed for that and it will cause you a lot of headaches and time wasted. As for the INF field/attribute, I have no idea what that is because it looks like custom code and after looking in advanced_search.php and advanced_search_results.php, I don't see any part of this SQL query in those files. If you are migrating from osC MS2.2 to Zombie Phoenix, search your osC MS2.2 database for this field.
  12. hi Vicent, Please let me know what you find. I have not had another instance of this issue after that last third time. So, for now everything is good. Talk soon.
  13. hi Vicent, My hosting company made a back-up of that subdomain and then ran a shell script to remove all those .mx files. So, I really did not have to do anything. Since that time, there has not been any more incidents of this weird file replication. I called my hosting company to try and get some idea of what it was. They said, they thought it was a hack. However, I am not convinced because all scans came up empty and I did a folder comparison to a prior back-up and there was nothing new or different. My hosting company tech support also said this problem was currently occurring with other accounts, non-osC accounts. So, for now, all is good. Hope you find what is causing the .ico file replication. It might be a related issue. Use the shell script from this thread to remove all those files from the server, though be sure to back-up first.
  14. @ecartz Matt, ..you're awesome!! I don't know shell scripting ..so this will not only help me, but anyone else who comes across this thread. I have not removed these files just yet. I'm still waiting to see if my hosting company comes up with an answer before cleaning that entire sub-domain. I did see that stackoverflow.com post when searching for an answer but there were no solutions offered on that post. And though I still use Dreamweaver (old habits die hard), this is the first time I've experienced this problem. And you might be right on point with this outdated software. Tough to let go of that comfort pillow. lol Thanks Matt.
  15. Update: I was given a shell script by my hosting company to clean all of these files out at once, which is a huge help because I had to do it manually the past few times. However, I have not cleared all of these files out just yet. I want to give the hosting company techs plenty of time to figure this problem out before removing it from the server. Here is the script in case someone else runs across this same issue. find /home/change_to_your_own_directory/public_html/ -type f -name "*.mx" -exec rm -rf {} \; Please be very careful before using anything like this, and back-up entire site and all files (along with the .mx file) before running this script. If you don't know what you're doing, don't mess with it!
  16. Ugh! I got it. I know exactly what this issue is. The language file is too deep in my laptop directory and was excluded because of this when I zipped the package. I will upload it now as an update. Thank you for letting me know. The only way for me to know this was to download it and unzip it and now I see that this language file is not in there. Here it is posted here, if you want to just copy and paste it into your own. <?php /* $Id$ Customer Feedback at Checkout Version 1.0 for BS Mod by Demitry osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2020 osCommerce Released under the GNU General Public License */ define('MODULE_CONTENT_CHECKOUT_SUCCESS_CUSTOMER_FEEDBACK_TITLE', 'Customer Feedback at Checkout'); define('MODULE_CONTENT_CHECKOUT_SUCCESS_CUSTOMER_FEEDBACK_DESCRIPTION', 'Show Customer Feedback Form on the checkout success page.'); define('MODULE_CONTENT_CHECKOUT_SUCCESS_CUSTOMER_FEEDBACK_HEADING', 'And Now, We Need Your Help!'); define('MODULE_CONTENT_CHECKOUT_SUCCESS_CUSTOMER_FEEDBACK_TEXT_REQUEST', 'What "almost" kept you from completing your purchse today?'); // must be the same text in header_tags module language file define('MODULE_CONTENT_CHECKOUT_SUCCESS_CUSTOMER_FEEDBACK_TEXT_MSG_SENT', 'Your message was sent. We truly appreciate you and your business.<br /><br /> Please make any <strong>available selections</strong> on this page and click the Continue button to save your changes.'); ?>
  17. Hi, I’m finishing up a module for the checkout success page. It’s a short email form designed to get customer feedback on their purchase experience right at the final step in the checkout process. I could store their feedback in the database, but this is bad because it will quickly bloat the database. There are two issues that I am facing with this modification. First: While writing this module, I realized that this checkout_succes page contains all of the modules inside a form. I’m a bit confused about this form because It is designed to update any customer changed data inside of it (such as product notifications and/or PWA keep account), but the button included inside this form is the Continue button, which redirects the user to the index.php page. So, if a customer makes changes on this form and does not click the Continue button, but instead closes the browser tab, then all of their changes are not saved to the database, right? The point is, many other osC pages apply the Continue button to load the index.php page. Having been on the site, a customer quickly becomes aware of this and may opt to not click that button on the checkout_success page because they are finished shopping and do not want to go to the home page. Additionally, they are likely to believe that their selections on that page are automatically saved upon any changes they make. Why? ..well, because there is no button to save the changes. Therefore, shouldn’t that Continue button be renamed to Update Changes or Save Changes? And, there should be a message displayed on the index.php page post redirection, to let the customer know that their changes were saved. Second: I am now faced with a challenge where (in order to avoid nested forms), I must add my module. I would need to either add it below this form in a separate module block or include it as a button/link to a modular popup. Any ideas on how to better structure this, where I can include the module with the other checkout_success modules and be able to use the related sort order feature to position it where I want?
  18. KG, what language file issues. I would certainly like to fix them, but am not sure what you are referring to. If you mean like having the modal window display the "message sent" message, I was not planning on it. The modal closes automatically upon (an error-free) submission and the "message sent" message is displayed on the checkout_success.php page just below the heading title for this module. I could add that message to display in the modal, but then the customer would have to manually close that modal and I'm not sure then,.. what would display on the reloaded checkout_success.php page.
  19. @kgtee @ecartz KG, Matt, Thank you both for your help and advice. I had some challenges with this addon, but finally got it working. It is now available: Customer Feedback at Checkout For anyone else reading this thread, this is NOT a support thread for this addon.
  20. hi Matt, That's actually a pretty good idea that I didn't even think of. Plus, I am already adding a footer script via a header_tags module for the JS validation for that feedback form. So, I'll add the modal and see how that works.
  21. I get the concept, but as far as I know an email has to be structured as a form and if I included it as a module in the checkout_success block, then it will become nested inside of that page's order form. What I can do is add the module as a request for the customers feed back and when they click on the link (which would be a feedback question), that would open a modal window with the email form inside of it. The modal code would then have to be added to that checkout_success.php page after the main order form. Or, I could add it as an on-page form directly on that checkout_success.php page after the main order form. Either way, I would have to alter a core file, which is something I was trying to avoid.
  22. @kgtee Thanks KG, I always thought nesting forms was bad coding practice. I'll read through that stackoverflow link and see what I can get out of it.
  23. ok man, ..we're waiting on your version. ...whenever you get time.
  24. I did not know that. I assumed that they would have been removed if they were not going to be used. Ah, that is part of the module, but I could never figure out what that description meant because it did not make much sense to me. Here is the screenshot of it below. Thanks for explaining it.
  25. Jack, thank you for the explanation. The CC module adds only the card number, expiration date, and card type to the customers database table, but so do the other CC processing modules. And even the latest version of osC Phoenix has these columns in the customers database table. what do you mean by split option? I could not find anything related to this. ~~~~ Vicent, I did not plan on it because it was removed from osC and introducing it back in as an addon will likely conflict with the underlying purpose of why it was removed in the first place. As Jack said, it was a PCI compliance issue, but I am not 100% sure if this was the only reason. There may have been other security issues that were part of that decision to remove it as well. Aside from that, I do not use the left or right columns in the osC layout so, my CSS is not structured for that layout - specifically, when resizing the browser. Here is a screenshot of what my payment page looks like. I am currently just using these modules for testing and only plan on having a CC module (via a merchant account) and a PayPal module as payment options.