
checkout_shipping.php being blamed for spamming


Seren2

Recommended Posts

I am running RC2.2 MS2

 

My website host is saying that /store/checkout_shipping.php is being blamed for spamming. A lot of spamming. They have disabled this file several times, which obviously kills the cart.

 

I can post the contents for /checkout_shipping.php but I suspect the issue may lie elsewhere.

 

Any ideas?

 

HERE ARE THE EMAIL HEADERS

 

> H??Received: from websitehost.com (localhost.localdomain [127.0.0.1])
>     by websitehost.com (8.13.1/8.13.1) with ESMTP id p08C95eO029795
>     for <[email protected]>; Sat, 8 Jan 2011 07:09:05 -0500
> H??Received: (from ouraccount@localhost)
>     by websitehost.com (8.13.1/8.13.1/Submit) id p08C95B6029794;
>     Sat, 8 Jan 2011 07:09:05 -0500
> H??Date: Sat, 8 Jan 2011 07:09:05 -0500
> H??Message-Id: <[email protected]>
> H??To: [email protected]
> H??Subject: USPS rate quote response
> H??X-PHP-Script: ourwebsite.com/store/checkout_shipping.php for 124.168.91.6
> H??From: <[email protected]>

 

 

DNS LOOKUP

 

IP Information - 124.168.91.6

IP address: 124.168.91.6

Reverse DNS: 124-168-91-6.dyn.iinet.net.au.

Reverse DNS authenticity: [Verified]

ASN: 4802

ASN Name: ASN-IINET (iiNet Limited)

IP range connectivity: 2

Registrar (per ASN): APNIC

Country (per IP registrar): AU [Australia]

Country Currency: AUD [Australia Dollars]

Country IP Range: 124.168.0.0 to 124.171.255.255

Country fraud profile: Normal

City (per outside source): Melbourne, Victoria

Country (per outside source): AU [Australia]

Private (internal) IP? No

IP address registrar: whois.apnic.net

Known Proxy? No

Link for WHOIS: 124.168.91.6

Problem solving is a lifestyle, not an isolated activity.


If you don't post it you might never know.

 

Can you spot "rogue code" when you see it?

:unsure:

 

Servers don't normally lie but email headers can be "spoofed" (falsified) to a degree.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


I too ran into the same problem just a couple of days ago, hosts will generally disable files they think have been corrupted, and may even put the whole site offline if they think it is compromising their server.

Can you compare your current checkout_shipping.php with one from a clean backup?

The best thing to do is wipe out your entire site and restore from a clean backup, and apply all security measures as described in the stickied thread in this section.

And if you can't find out where they came in from, best show this to a pro in order to patch any holes you might have and prevent further hacks.

~ Don't mistake my kindness for weakness ~


Here is my copy of checkout_shipping.php. Using a compare program, this file is the same as my backup file. The file also matches my original download of the file before adding addons. So if vulnerabilities exist, then they have existed for a while.

 

Is there a way to determine if mail.php is causing this problem?

 

For now I've turned "enable email" to false in the cart admin.

 

<?php
/*
 $Id$

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2010 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');
 require('includes/classes/http_client.php');

// if the customer is not logged on, redirect them to the login page
 if (!tep_session_is_registered('customer_id')) {
   $navigation->set_snapshot();
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

// if there is nothing in the customers cart, redirect them to the shopping cart page
 if ($cart->count_contents() < 1) {
   tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
 }

// if no shipping destination address was selected, use the customers own address as default
 if (!tep_session_is_registered('sendto')) {
   tep_session_register('sendto');
   $sendto = $customer_default_address_id;
 } else {
// verify the selected shipping address
   if ( (is_array($sendto) && empty($sendto)) || is_numeric($sendto) ) {
     $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$sendto . "'");
     $check_address = tep_db_fetch_array($check_address_query);

     if ($check_address['total'] != '1') {
       $sendto = $customer_default_address_id;
       if (tep_session_is_registered('shipping')) tep_session_unregister('shipping');
     }
   }
 }

 require(DIR_WS_CLASSES . 'order.php');
 $order = new order;

// register a random ID in the session to check throughout the checkout procedure
// against alterations in the shopping cart contents
 if (!tep_session_is_registered('cartID')) tep_session_register('cartID');
 $cartID = $cart->cartID;

// if the order contains only virtual products, forward the customer to the billing page as
// a shipping address is not needed
 if ($order->content_type == 'virtual') {
   if (!tep_session_is_registered('shipping')) tep_session_register('shipping');
   $shipping = false;
   $sendto = false;

//---PayPal WPP Modification START ---//
   tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled);
//---PayPal WPP Modification END ---//

   tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
 }

 $total_weight = $cart->show_weight();
 $total_count = $cart->count_contents();

// load all enabled shipping modules
 require(DIR_WS_CLASSES . 'shipping.php');
 $shipping_modules = new shipping;

 if ( defined('MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING') && (MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING == 'true') ) {
   $pass = false;

   switch (MODULE_ORDER_TOTAL_SHIPPING_DESTINATION) {
     case 'national':
       if ($order->delivery['country_id'] == STORE_COUNTRY) {
         $pass = true;
       }
       break;
     case 'international':
       if ($order->delivery['country_id'] != STORE_COUNTRY) {
         $pass = true;
       }
       break;
     case 'both':
       $pass = true;
       break;
   }

   $free_shipping = false;
   if ( ($pass == true) && ($order->info['total'] >= MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER) ) {
     $free_shipping = true;

     include(DIR_WS_LANGUAGES . $language . '/modules/order_total/ot_shipping.php');
   }
 } else {
   $free_shipping = false;
 }

// process the selected shipping method
 if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken) ) {
   if (!tep_session_is_registered('comments')) tep_session_register('comments');
   if (tep_not_null($HTTP_POST_VARS['comments'])) {
     $comments = tep_db_prepare_input($HTTP_POST_VARS['comments']);
   }

   if (!tep_session_is_registered('shipping')) tep_session_register('shipping');

   if ( (tep_count_shipping_modules() > 0) || ($free_shipping == true) ) {
     if ( (isset($HTTP_POST_VARS['shipping'])) && (strpos($HTTP_POST_VARS['shipping'], '_')) ) {
       $shipping = $HTTP_POST_VARS['shipping'];

       list($module, $method) = explode('_', $shipping);
       if ( is_object($$module) || ($shipping == 'free_free') ) {
         if ($shipping == 'free_free') {
           $quote[0]['methods'][0]['title'] = FREE_SHIPPING_TITLE;
           $quote[0]['methods'][0]['cost'] = '0';
         } else {
           $quote = $shipping_modules->quote($method, $module);
         }
         if (isset($quote['error'])) {
           tep_session_unregister('shipping');
         } else {
           if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) ) {
             $shipping = array('id' => $shipping,
                               'title' => (($free_shipping == true) ?  $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')'),
                               'cost' => $quote[0]['methods'][0]['cost']);

//---PayPal WPP Modification START ---//
             tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled);
//---PayPal WPP Modification END ---//

             tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
           }
         }
       } else {
         tep_session_unregister('shipping');
       }
     }
   } else {
     $shipping = false;
//---PayPal WPP Modification START ---//
    tep_paypal_wpp_checkout_shipping_redirect($show_payment_page, $ec_enabled);
//---PayPal WPP Modification END ---//               

     tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
   }    
 }

// get all available shipping quotes
 $quotes = $shipping_modules->quote();

// if no shipping method has been selected, automatically select the cheapest method.
// if the modules status was changed when none were available, to save on implementing
// a javascript force-selection method, also automatically select the cheapest shipping
// method if more than one module is now enabled
 if ( !tep_session_is_registered('shipping') || ( tep_session_is_registered('shipping') && ($shipping == false) && (tep_count_shipping_modules() > 1) ) ) $shipping = $shipping_modules->cheapest();

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SHIPPING);

 $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
 $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));

 require(DIR_WS_INCLUDES . 'template_top.php');
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<script language="JavaScript" src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<script language="javascript"><!--
var selected;

function selectRowEffect(object, buttonSelect) {
 if (!selected) {
   if (document.getElementById) {
     selected = document.getElementById('defaultSelected');
   } else {
     selected = document.all['defaultSelected'];
   }
 }

 if (selected) selected.className = 'moduleRow';
 object.className = 'moduleRowSelected';
 selected = object;

// one button is not an array
 if (document.checkout_address.shipping[0]) {
   document.checkout_address.shipping[buttonSelect].checked=true;
 } else {
   document.checkout_address.shipping.checked=true;
 }
}

function rowOverEffect(object) {
 if (object.className == 'moduleRow') object.className = 'moduleRowOver';
}

function rowOutEffect(object) {
 if (object.className == 'moduleRowOver') object.className = 'moduleRow';
}
//--></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
           <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_delivery.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
         </tr>
       </table></td>
     </tr>
     <?php 
//---PayPal WPP Modification START ---//
 //tep_paypal_wpp_checkout_shipping_error_display($ec_checkout);
//---PayPal WPP Modification END ---//
?>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_ADDRESS; ?></b></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
               <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_DESTINATION . '<br><br><a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING_ADDRESS, '', 'SSL') . '">' . tep_image_button('button_change_address.gif', IMAGE_BUTTON_CHANGE_ADDRESS) . '</a>'; ?></td>
               <td align="right" width="50%" valign="top"><table border="0" cellspacing="0" cellpadding="2">
                 <tr>
                   <td class="main" align="center" valign="top"><?php echo '<b>' . TITLE_SHIPPING_ADDRESS . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_south_east.gif'); ?></td>
                   <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
                   <td class="main" valign="top"><?php echo tep_address_label($customer_id, $sendto, true, ' ', '<br>'); ?></td>
                   <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
                 </tr>
               </table></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if (tep_count_shipping_modules() > 0) {
?>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_METHOD; ?></b></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<?php
   if (sizeof($quotes) > 1 && sizeof($quotes[0]) > 1) {
?>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_METHOD; ?></td>
               <td class="main" width="50%" valign="top" align="right"><?php echo '<b>' . TITLE_PLEASE_SELECT . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_east_south.gif'); ?></td>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
<?php
   } elseif ($free_shipping == false) {
?>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td class="main" width="100%" colspan="2"><?php echo TEXT_ENTER_SHIPPING_INFORMATION; ?></td>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
<?php
   }
?>


<?php
   if ($free_shipping == true) {
?>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td colspan="2" width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="2">
                 <tr>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                    <td class="main" colspan="3"><b><?php echo FREE_SHIPPING_TITLE; ?></b></td>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                 </tr>
                 <tr id="defaultSelected" class="moduleRowSelected" onMouseOver="rowOverEffect(this)" onMouseOut="rowOutEffect(this)" onClick="selectRowEffect(this, 0)">
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                   <td class="main" width="100%"><?php echo sprintf(FREE_SHIPPING_DESCRIPTION, $currencies->format(MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER)) . tep_draw_hidden_field('shipping', 'free_free'); ?></td>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                 </tr>
               </table></td>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
             </tr>
<?php
   } else {
     $radio_buttons = 0;
     for ($i=0, $n=sizeof($quotes); $i<$n; $i++) {
?>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2">
                 <tr>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                   <td class="main" colspan="3"><b><?php echo $quotes[$i]['module']; ?></b> <?php if (isset($quotes[$i]['icon']) && tep_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></td>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                 </tr>
<?php
       if (isset($quotes[$i]['error'])) {
?>
                 <tr>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                   <td class="main" colspan="3"><?php echo $quotes[$i]['error']; ?></td>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                 </tr>
<?php
       } else {
         for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
// set the radio button to be checked if it is the method chosen
           $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $shipping['id']) ? true : false);

           if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {
             echo '      <tr id="defaultSelected" class="moduleRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n";
           } else {
             echo '      <tr class="moduleRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n";
           }
?>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                   <td class="main" width="75%"><?php echo $quotes[$i]['methods'][$j]['title']; ?></td>
<?php
           if ( ($n > 1) || ($n2 > 1) ) {
?>
                   <td class="main"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></td>
                   <td class="main" align="right"><?php echo tep_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked); ?></td>
<?php
           } else {
?>
                   <td class="main" align="right" colspan="2"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . tep_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></td>
<?php
           }
?>
                   <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                 </tr>
<?php
           $radio_buttons++;
         }
       }
?>
               </table></td>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
             </tr>
<?php
     }
   }
?>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }
?>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="main"><b><?php echo TABLE_HEADING_COMMENTS; ?></b></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td><?php echo tep_draw_textarea_field('comments', 'soft', '60', '5'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td class="main"><?php echo '<b>' . TITLE_CONTINUE_CHECKOUT_PROCEDURE . '</b><br>' . TEXT_CONTINUE_CHECKOUT_PROCEDURE; ?></td>
               <td class="main" align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
             <tr>
               <td width="50%" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'checkout_bullet.gif'); ?></td>
               <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
             </tr>
           </table></td>
          <?php //---PayPal WPP Modification START ---// ?>
<?php if ($show_payment_page || !$ec_enabled) { ?>
           <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
<?php } ?>
<?php //---PayPal WPP Modification END ---// ?>
           <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
           <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
             <tr>
               <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
               <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '1', '5'); ?></td>
             </tr>
           </table></td>
         </tr>
         <tr>
           <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_DELIVERY; ?></td>
         <?php 
 //---PayPal WPP Modification START ---//
 if ($show_payment_page || !$ec_enabled) { 
?>
           <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_PAYMENT; ?></td>
<?php	
 }
//---PayPal WPP Modification END ---//
?>
           <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td>
           <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td>
         </tr>
       </table></td>
     </tr>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Problem solving is a lifestyle, not an isolated activity.

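The X-PHP-Script header in the quoted headers is the useful lead here: mod_php adds it to every message sent through mail() from a web request, naming the script and the client IP that triggered the send. Grouping a batch of queued messages by that header shows at a glance which script and which remote address account for the volume, and whether it is one bot hammering one page or something broader. The following is an added example (not from this thread and not osCommerce code) that does exactly that over a constructed set of sendmail queue header blocks in the same shape as the ones posted above; the hostnames, addresses and IPs in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample: five sendmail queue header blocks separated by blank
# lines. "H??" is sendmail's queue-file header flag, as in the thread's
# headers. Every host, address and IP is invented (documentation ranges).
SAMPLE_QUEUE = """\
H??Received: (from shopacct@localhost)
H??Subject: USPS rate quote response
H??X-PHP-Script: shop.example/store/checkout_shipping.php for 203.0.113.7
H??From: <shop@shop.example>

H??Subject: USPS rate quote response
H??X-PHP-Script: shop.example/store/checkout_shipping.php for 203.0.113.7

H??Subject: USPS rate quote response
H??X-PHP-Script: shop.example/store/checkout_shipping.php for 203.0.113.7

H??Subject: Your order has shipped
H??X-PHP-Script: shop.example/store/admin/orders.php for 198.51.100.20

H??Subject: Tell a friend about this product
H??X-PHP-Script: shop.example/store/tell_a_friend.php for 203.0.113.7
"""

# Optional "H??" prefix, then "Name: value".
HEADER_RE = re.compile(r"^(?:H\?\?)?([A-Za-z-]+):\s*(.*)$")
# X-PHP-Script value: "<host>/<path> for <client ip>".
PHP_SCRIPT_RE = re.compile(r"^(\S+)\s+for\s+(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_queue(text):
    """Split raw queue text into a list of messages (dict: header -> value).
    Continuation lines (leading whitespace) are folded into the previous header."""
    messages, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                messages.append(current)
                current, last = {}, None
            continue
        if line[0] in " \t" and last:
            current[last] += " " + line.strip()
            continue
        m = HEADER_RE.match(line)
        if m:
            last = m.group(1).lower()
            current[last] = m.group(2)
    if current:
        messages.append(current)
    return messages


def attribute(messages):
    """Count messages per (script, client IP) taken from X-PHP-Script.
    Messages without the header (not sent via PHP mail()) are counted
    under a separate bucket so they are not silently dropped."""
    counts = Counter()
    for msg in messages:
        m = PHP_SCRIPT_RE.match(msg.get("x-php-script", ""))
        if m:
            counts[(m.group(1), m.group(2))] += 1
        else:
            counts[("(no X-PHP-Script)", "-")] += 1
    return counts


def flag_bursts(counts, threshold):
    """Return (script, ip, count) tuples at or above threshold, busiest first."""
    hits = [(s, ip, n) for (s, ip), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda t: -t[2])


if __name__ == "__main__":
    for script, ip, n in flag_bursts(attribute(parse_queue(SAMPLE_QUEUE)), 2):
        print(f"{n:4d}  {script}  from {ip}")
```

Run against a real queue dump (or the headers your host forwards) the counts tell you whether the sends come from checkout_shipping.php alone or from several scripts, and whether one client IP dominates; a single dynamic IP driving hundreds of "USPS rate quote response" messages points at a bot repeatedly hitting the shipping page, while sends attributed to a script that should never mail anyone points at a dropped file.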

From the moment hackers entered your site they could have hidden their scripts and backdoors just about anywhere, and several files could be infected, their scripts could be running from anywhere on the site.

In my case they used tell_a_friend.php, then uploaded a foreign file to my server which ran the scripts sending thousands of spam. It might be worth checking your tell_a_friend.php too.

 

That is why the best (and easiest) way of dealing with this is delete your entire site and restore it. Vulnerabilities in the software do exist, especially in older versions, so make sure all security measures have been applied (pinned thread at the top of this forum).

Also check out burt's profile(about me tab) for instructions.

 

It is also a good idea to change all the passwords, FTP, CPanel etc.

~ Don't mistake my kindness for weakness ~


Look for the language files... and also...

 

10) Seek out experienced help if you feel you cannot perform any of the above steps. If you miss any of these steps your site may remain accessible to the hacker.

Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it useful

I have installed all the security recommended on how to secure your osCommerce 2.2 site and more.

 

I have a security expert watching my cart files via ftp for changes in content, filesize, and date of last update.

 

If I update to 2.3.1 I'll have to reinstall over 30 addons, unless they are now part of the main package. I really don't look forward to the option.

Problem solving is a lifestyle, not an isolated activity.


 

> If I update to 2.3.1 I'll have to reinstall over 30 addons, unless they are now part of the main package. I really don't look forward to the option.

 

Neither do I, but I'll resort to that sooner rather than later, not to mention that host is putting pressure on me to do it....right now. lol.

~ Don't mistake my kindness for weakness ~


> Neither do I, but I'll resort to that sooner rather than later, not to mention that host is putting pressure on me to do it....right now. lol.

Sigh, I hear that. :(

Problem solving is a lifestyle, not an isolated activity.


Solution: install osCommerce 2.3.1

 

Wish me luck.

 

Once you feel you have a good working copy, back it up including the SQL, then from time to time check things by comparing folders with WinMerge. That includes other scripts you may be using as well.

 

PF

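Both the "watching my cart files via ftp for changes in content, filesize, and date" arrangement earlier in the thread and the WinMerge comparison suggested here boil down to the same thing: a baseline manifest of the clean tree and a periodic diff against it. The following is an added example (not from this thread and not part of osCommerce) of that check in Python, keyed on content hash rather than on size or timestamp, so a file that has been altered and then had its mtime put back still shows up. The demo() function builds a tiny constructed shop tree in a temporary directory, snapshots it, applies two changes of the kind the thread describes (an existing script altered, a new .php file dropped), and returns the diff; file names in it are invented for the demo.

```python
import hashlib
import json
import os
import tempfile

# File types worth tracking in a PHP shop. Images and the like are skipped
# here only to keep the manifest small; widen this on a real site.
WATCHED_SUFFIXES = (".php", ".js", ".htaccess")


def build_manifest(root, suffixes=WATCHED_SUFFIXES):
    """Walk root and record sha256, size and mtime for every watched file.
    Paths are stored relative to root with forward slashes so a manifest
    taken on Windows compares cleanly with one taken on the server."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            st = os.stat(full)
            manifest[rel] = {"sha256": h.hexdigest(),
                             "size": st.st_size,
                             "mtime": int(st.st_mtime)}
    return manifest


def compare_manifests(baseline, current):
    """Return added, removed and modified relative paths, each sorted.
    'modified' is decided on the content hash only: mtime and size are
    recorded for the report but are too easy to leave unchanged."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "modified": sorted(p for p in current
                           if p in baseline
                           and current[p]["sha256"] != baseline[p]["sha256"]),
    }


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def _write(root, rel, text):
    """Helper for the demo: create rel under root with the given content."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full) or root, exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(text)
    return full


def demo():
    """Constructed scenario: snapshot a fake shop tree, then change it the
    way the thread describes and diff against the stored baseline."""
    with tempfile.TemporaryDirectory() as root:
        shipping = _write(root, "checkout_shipping.php",
                          "<?php require('includes/application_top.php');\n")
        _write(root, "includes/application_top.php", "<?php // bootstrap\n")
        _write(root, "images/logo.gif", "GIF89a")  # not a watched suffix
        baseline_path = os.path.join(root, "baseline.json")
        save_manifest(build_manifest(root), baseline_path)

        # Change 1: append to an existing script, then restore its mtime so a
        # timestamp-only check would miss it.
        before = os.stat(shipping)
        with open(shipping, "a", encoding="utf-8") as fh:
            fh.write("// appended line\n")
        os.utime(shipping, (before.st_atime, before.st_mtime))
        # Change 2: a new PHP file that was never in the backup.
        _write(root, "includes/cache.php", "<?php // not in the clean copy\n")

        return compare_manifests(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

In use, build_manifest() is run once on the restored clean copy (and the JSON kept off the web server, since a manifest the attacker can rewrite proves nothing), then re-run on the live tree on a schedule; anything in "added" or "modified" that does not correspond to a change you made yourself is what to look at first.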

Archived

This topic is now archived and is closed to further replies.
