Seren2 Posted January 10, 2011 Share Posted January 10, 2011 I am running RC2.2 MS2 My website host is saying that /store/checkout_shipping.php is being blamed for spamming. A lot of spamming. They have disable this file several times, which obviously kills the cart. I can post the contents for /checkout_shipping.php but I suspect the issue may lie elsewhere. Any ideas? HERE ARE THE EMAIL HEADERS > H??Received: from websitehost.com (localhost.localdomain > [127.0.0.1]) > by websitehost.com (8.13.1/8.13.1) with ESMTP id > p08C95eO029795 > for <[email protected]>; Sat, 8 Jan 2011 07:09:05 -0500 > H??Received: (from ouraccount@localhost) > by websitehost.com (8.13.1/8.13.1/Submit) id > p08C95B6029794; > Sat, 8 Jan 2011 07:09:05 -0500 > H??Date: Sat, 8 Jan 2011 07:09:05 -0500 > H??Message-Id: <[email protected]> > H??To: [email protected] > H??Subject: USPS rate quote response > H??X-PHP-Script: ourwebsite.com/store/checkout_shipping.php for 124.168.91.6 > H??From: <[email protected]> DNS LOOKUP IP Information - 124.168.91.6 IP address: 124.168.91.6 Reverse DNS: 124-168-91-6.dyn.iinet.net.au. Reverse DNS authenticity: [Verified] ASN: 4802 ASN Name: ASN-IINET (iiNet Limited) IP range connectivity: 2 Registrar (per ASN): APNIC Country (per IP registrar): AU [Australia] Country Currency: AUD [Australia Dollars] Country IP Range: 124.168.0.0 to 124.171.255.255 Country fraud profile: Normal City (per outside source): Melbourne, Victoria Country (per outside source): AU [Australia] Private (internal) IP? No IP address registrar: whois.apnic.net Known Proxy? No Link for WHOIS: 124.168.91.6 Problem solving is a lifestyle, not an isolated activity. Link to comment Share on other sites More sharing options...
germ Posted January 10, 2011 Share Posted January 10, 2011 If you don't post it you might never know. Can you spot "rogue code" when you see it? :unsure: Servers don't normally lie but email headers can be "spoofed" (falsified) to a degree. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
♥Biancoblu Posted January 10, 2011 Share Posted January 10, 2011 I too ran into the same problem just a couple of days ago, hosts will generally disable files they think have been corrupted, and may even put the whole site offline if they think it is compromising their server. Can you compare your current checkout_shipping.php with one from a clean backup? The best think to do is wipe out your entire site and restore from a clean backup, and apply all security measures as described in the stickied thread in this section. And if you can't find out where they came in from, best show this to a pro in order to patch any holes you might have and prevent further hacks. ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
Seren2 Posted January 10, 2011 Author Share Posted January 10, 2011 Here is my copy of checkout_shipping.php. Using a compare program, this file is the same as my back up file. The file also matches my original download of the file before adding addons. So if vulnerabilities exist, then they have existed for a while. Is there a way to determine if mail.php is causing this problem? For now I've turned "enable email" to false in the cart admin. <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2010 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); require('includes/classes/http_client.php'); // if the customer is not logged on, redirect them to the login page if (!tep_session_is_registered('customer_id')) { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } // if there is nothing in the customers cart, redirect them to the shopping cart page if ($cart->count_contents() < 1) { tep_redirect(tep_href_link(FILENAME_SHOPPING_CART)); } // if no shipping destination address was selected, use the customers own address as default if (!tep_session_is_registered('sendto')) { tep_session_register('sendto'); $sendto = $customer_default_address_id; } else { // verify the selected shipping address if ( (is_array($sendto) && empty($sendto)) || is_numeric($sendto) ) { $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$sendto . "'"); $check_address = tep_db_fetch_array($check_address_query); if ($check_address['total'] != '1') { $sendto = $customer_default_address_id; if (tep_session_is_registered('shipping')) tep_session_unregister('shipping'); } } } require(DIR_WS_CLASSES . 'order.php'); $order = new order; // register a random ID in the session to check throughout the checkout procedure // against alterations in the shopping cart contents if (!tep_session_is_registered('cartID')) tep_session_register('cartID'); $cartID = $cart->cartID; // if the order contains only virtual products, forward the customer to the billing page as // a shipping address is not needed if ($order->content_type == 'virtual') { if (!tep_session_is_registered('shipping')) tep_session_register('shipping'); $shipping = false; $sendto = false; //---PayPal WPP Modification START ---// tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled); //---PayPal WPP Modification END ---// tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } $total_weight = $cart->show_weight(); $total_count = $cart->count_contents(); // load all enabled shipping modules require(DIR_WS_CLASSES . 'shipping.php'); $shipping_modules = new shipping; if ( defined('MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING') && (MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING == 'true') ) { $pass = false; switch (MODULE_ORDER_TOTAL_SHIPPING_DESTINATION) { case 'national': if ($order->delivery['country_id'] == STORE_COUNTRY) { $pass = true; } break; case 'international': if ($order->delivery['country_id'] != STORE_COUNTRY) { $pass = true; } break; case 'both': $pass = true; break; } $free_shipping = false; if ( ($pass == true) && ($order->info['total'] >= MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER) ) { $free_shipping = true; include(DIR_WS_LANGUAGES . $language . '/modules/order_total/ot_shipping.php'); } } else { $free_shipping = false; } // process the selected shipping method if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken) ) { if (!tep_session_is_registered('comments')) tep_session_register('comments'); if (tep_not_null($HTTP_POST_VARS['comments'])) { $comments = tep_db_prepare_input($HTTP_POST_VARS['comments']); } if (!tep_session_is_registered('shipping')) tep_session_register('shipping'); if ( (tep_count_shipping_modules() > 0) || ($free_shipping == true) ) { if ( (isset($HTTP_POST_VARS['shipping'])) && (strpos($HTTP_POST_VARS['shipping'], '_')) ) { $shipping = $HTTP_POST_VARS['shipping']; list($module, $method) = explode('_', $shipping); if ( is_object($$module) || ($shipping == 'free_free') ) { if ($shipping == 'free_free') { $quote[0]['methods'][0]['title'] = FREE_SHIPPING_TITLE; $quote[0]['methods'][0]['cost'] = '0'; } else { $quote = $shipping_modules->quote($method, $module); } if (isset($quote['error'])) { tep_session_unregister('shipping'); } else { if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) ) { $shipping = array('id' => $shipping, 'title' => (($free_shipping == true) ? $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')'), 'cost' => $quote[0]['methods'][0]['cost']); //---PayPal WPP Modification START ---// tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled); //---PayPal WPP Modification END ---// tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } } } else { tep_session_unregister('shipping'); } } } else { $shipping = false; //---PayPal WPP Modification START ---// tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled); //---PayPal WPP Modification END ---// tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } } // get all available shipping quotes $quotes = $shipping_modules->quote(); // if no shipping method has been selected, automatically select the cheapest method. // if the modules status was changed when none were available, to save on implementing // a javascript force-selection method, also automatically select the cheapest shipping // method if more than one module is now enabled if ( !tep_session_is_registered('shipping') || ( tep_session_is_registered('shipping') && ($shipping == false) && (tep_count_shipping_modules() > 1) ) ) $shipping = $shipping_modules->cheapest(); require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SHIPPING); $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); require(DIR_WS_INCLUDES . 'template_top.php'); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> <script language="javascript"><!-- var selected; function selectRowEffect(object, buttonSelect) { if (!selected) { if (document.getElementById) { selected = document.getElementById('defaultSelected'); } else { selected = document.all['defaultSelected']; } } if (selected) selected.className = 'moduleRow'; object.className = 'moduleRowSelected'; selected = object; // one button is not an array if (document.checkout_address.shipping[0]) { document.checkout_address.shipping[buttonSelect].checked=true; } else { document.checkout_address.shipping.checked=true; } } function rowOverEffect(object) { if (object.className == 'moduleRow') object.className = 'moduleRowOver'; } function rowOutEffect(object) { if (object.className == 'moduleRowOver') object.className = 'moduleRow'; } //--></script> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="100%" cellspacing="3" cellpadding="3"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <!-- body_text //--> <td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?></td> <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_delivery.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> </tr> </table></td> </tr> <?php //---PayPal WPP Modification START ---// //tep_paypal_wpp_checkout_shipping_error_display($ec_checkout); //---PayPal WPP Modification END ---// ?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_ADDRESS; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_DESTINATION . '<br><br><a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING_ADDRESS, '', 'SSL') . '">' . tep_image_button('button_change_address.gif', IMAGE_BUTTON_CHANGE_ADDRESS) . '</a>'; ?></td> <td align="right" width="50%" valign="top"><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" align="center" valign="top"><?php echo '<b>' . TITLE_SHIPPING_ADDRESS . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_south_east.gif'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" valign="top"><?php echo tep_address_label($customer_id, $sendto, true, ' ', '<br>'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <?php if (tep_count_shipping_modules() > 0) { ?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_METHOD; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <?php if (sizeof($quotes) > 1 && sizeof($quotes[0]) > 1) { ?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_METHOD; ?></td> <td class="main" width="50%" valign="top" align="right"><?php echo '<b>' . TITLE_PLEASE_SELECT . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_east_south.gif'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php } elseif ($free_shipping == false) { ?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="100%" colspan="2"><?php echo TEXT_ENTER_SHIPPING_INFORMATION; ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php } ?> <div class="contentText"> <table border="0" width="100%" cellspacing="0" cellpadding="2"> <?php if ($free_shipping == true) { ?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td colspan="2" width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><b><?php echo FREE_SHIPPING_TITLE; ?></b> <?php echo $quotes[$i]['icon']; ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <tr id="defaultSelected" class="moduleRowSelected" onMouseOver="rowOverEffect(this)" onMouseOut="rowOutEffect(this)" onClick="selectRowEffect(this, 0)"> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="100%"><?php echo sprintf(FREE_SHIPPING_DESCRIPTION, $currencies->format(MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER)) . tep_draw_hidden_field('shipping', 'free_free'); ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php } else { $radio_buttons = 0; for ($i=0, $n=sizeof($quotes); $i<$n; $i++) { ?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><b><?php echo $quotes[$i]['module']; ?></b> <?php if (isset($quotes[$i]['icon']) && tep_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php if (isset($quotes[$i]['error'])) { ?> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><?php echo $quotes[$i]['error']; ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php } else { for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) { // set the radio button to be checked if it is the method chosen $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $shipping['id']) ? true : false); if ( ($checked == true) || ($n == 1 && $n2 == 1) ) { echo ' <tr id="defaultSelected" class="moduleRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n"; } else { echo ' <tr class="moduleRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n"; } ?> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="75%"><?php echo $quotes[$i]['methods'][$j]['title']; ?></td> <?php if ( ($n > 1) || ($n2 > 1) ) { ?> <td class="main"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></td> <td class="main" align="right"><?php echo tep_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked); ?></td> <?php } else { ?> <td class="main" align="right" colspan="2"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . tep_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></td> <?php } ?> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php $radio_buttons++; } } ?> </table></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <?php } } ?> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <?php } ?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_COMMENTS; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><?php echo tep_draw_textarea_field('comments', 'soft', '60', '5'); ?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main"><?php echo '<b>' . TITLE_CONTINUE_CHECKOUT_PROCEDURE . '</b><br>' . TEXT_CONTINUE_CHECKOUT_PROCEDURE; ?></td> <td class="main" align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'checkout_bullet.gif'); ?></td> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> </tr> </table></td> <?php //---PayPal WPP Modification START ---// ?> <?php if ($show_payment_page || !$ec_enabled) { ?> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <?php } ?> <?php //---PayPal WPP Modification END ---// ?> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '1', '5'); ?></td> </tr> </table></td> </tr> <tr> <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_DELIVERY; ?></td> <?php //---PayPal WPP Modification START ---// if ($show_payment_page || !$ec_enabled) { ?> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_PAYMENT; ?></td> <?php } //---PayPal WPP Modification END ---// ?> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> </tr> </table></td> </tr> </table></form></td> <!-- body_text_eof //--> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- right_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> <!-- right_navigation_eof //--> </table></td> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <!-- footer_eof //--> <br> </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Problem solving is a lifestyle, not an isolated activity. Link to comment Share on other sites More sharing options...
♥Biancoblu Posted January 10, 2011 Share Posted January 10, 2011 From the moment hackers entered your site they could have hidden their scripts and backdoors just about anywhere, and several files could be infected, their scripts could be running from anywhere on the site. In my case they used tell_a_friend.php, then uploaded a foreign file to my server which ran the scripts sending thousands of spam. It might be worth checking your tell_a_friend.php too. That is why the best (and easiest) way of dealing with this is delete your entire site and restore it. Vulnerabilities in the software do exist, especially in older versions, so make sure all security measures have been applied (pinned thread at the top of this forum). Also check out burt's profile(about me tab) for instructions. It is also a good idea to change all the passwords, FTP, CPanel etc. ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
Procommerce Posted January 10, 2011 Share Posted January 10, 2011 Look for the language files... and also... 10) Seek out experienced help if you feel you can not perform any of the above steps. If you miss any of these steps your site may remain accessible to the hacker. Providing Ecommerce & CRM Solutions since 1995 Vote my post up if you found it usefull Link to comment Share on other sites More sharing options...
Seren2 Posted January 10, 2011 Author Share Posted January 10, 2011 I have installed all the security recommended on how to secure your osCommerce 2.2 site and more. I have a security expert watching my cart files via ftp for changes in content, filesize, and date of last update. If I update to 2.3.1 I'll have to reinstall over 30 addons, unless they are now part of the main package. I really don't look forward to the option. Problem solving is a lifestyle, not an isolated activity. Link to comment Share on other sites More sharing options...
♥Biancoblu Posted January 10, 2011 Share Posted January 10, 2011 If I update to 2.3.1 I'll have to reinstall over 30 addons, unless they are now part of the main package. I really don't look forward to the option. Neither do I, but I'll resort to that sooner rather than later, not to mention that host is putting pressure on me to do it....right now. lol. ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
Seren2 Posted January 10, 2011 Author Share Posted January 10, 2011 Neither do I, but I'll resort to that sooner rather than later, not to mention that host is putting pressure on me to do it....right now. lol. Sigh, I hear that. :( Problem solving is a lifestyle, not an isolated activity. Link to comment Share on other sites More sharing options...
Seren2 Posted January 11, 2011 Author Share Posted January 11, 2011 Solution: install osCommerce 2.3.1 Wish me luck. Problem solving is a lifestyle, not an isolated activity. Link to comment Share on other sites More sharing options...
♥Biancoblu Posted January 11, 2011 Share Posted January 11, 2011 Wish me luck. you'll manage just fine :thumbsup: let us know how it went. ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
phpfan Posted January 13, 2011 Share Posted January 13, 2011 Solution: install osCommerce 2.3.1 Wish me luck. Once you feel you have a good working copy back it up including the SQL then from time to time, check things by comparing folders with WinMerge. that includes other scripts you may be using as well. PF Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.