Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Potential hack on magento 1.3.2.4 site? or manipulation error - Please help
 
picou
Jr. Member
 
Total Posts:  13
Joined:  2008-05-25
 

Hello,
I am having troubles with one of our magento 1.3.2.4 sites.
The client has access to the back-end for modification on the catalog, attributes and attributes family.
This person does not have access to ftp.

Last night the site went from functional and live to this error message.
Parse error: syntax error, unexpected ‘<’ in /home/vitrine/public_html/index.php on line 66
A quick investigation to the file revieles this code from line 55 to 67
code here ---------------------
require_once $mageFilename;

#Varien_Profiler::enable();

#Mage::setIsDeveloperMode(true);

#ini_set(’display_errors’, 1);

umask(0);
Mage::run();
<!--c767135d0881386*************52--> (I have modified the masked numbers)
-------------------

If I desactivate the last line with code <!c767............-->> The site appeares once again with what seems to be controle in the admin area, but pages and menus can not be accessed because the url is asking or searching for this link with the key in it.
http://www.site.index.php/admin/dashboard/index/key/66b392d1f7a12a26*************522c/
The page seems to load to cash a link to
http.linkhelper-cn upload to zedu.com
see the result on this page at bottom left in firefox.
http://vitrinedudressing.com/

Texte in the store search field has misteriously disapeared.

I am not grasping the full picture as to has the client made a manipulation error? and not telling me or is the site under some type of exterior attack. Please indicate some kind of direction.
Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
picou
Jr. Member
 
Total Posts:  13
Joined:  2008-05-25
 

Is it possible that We have inverted two index.php files from diferent sites, because I am having apparently the same issue on this site www.cathy-wines.com.
Or hosting problem? They are both on the same host.
Could someone tell me what is the key at the bottom of the index.php file. It is not the same as the installation key.
Thanks for any replies.

 
Magento Community Magento Community
Magento Community
Magento Community
 
picou
Jr. Member
 
Total Posts:  13
Joined:  2008-05-25
 

Our server is clook.uk we are presently sunday just before midnight. I have issued an insident report to clook pointing to this post.
The reply was received 5 minutes later asking for precissions. 45 Minutes later the problem was completely resolved with an e-mail confirmation Hour of the day 01:20.
And they say that these english guys aren’t serious! The problem was dew to and resolved from host. 
Good night!

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top