Warning in admin page related to spellerpages/server-scripts/_vti_cnf/

[elisab90]

Hello,

I am getting the following warnings when I go to the admin page:

Warning: Unknown(/home/astral5/public_html/tienda/admin/includes/rte/editor/dialog/fck_spellerpages/spellerpages/server-scripts/_vti_cnf/iuoqj.txt): failed to open stream: No such file or directory in Unknown on line 0

Warning: Unknown(/home/astral5/public_html/tienda/admin/includes/rte/editor/dialog/fck_spellerpages/spellerpages/server-scripts/_vti_cnf/iuoqj.txt): failed to open stream: No such file or directory in Unknown on line 0

Warning: (null)() [function.include]: Failed opening '/home/astral5/public_html/tienda/admin/includes/rte/editor/dialog/fck_spellerpages/spellerpages/server-scripts/_vti_cnf/iuoqj.txt' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in Unknown on line 0

Can someone help me?

Thanks!

[Robsta]

Your site appears to have been compromised. You need to change your passwords, and download the updated v3.0.20 in the CubeCart.com downloads. Remove the RTE directory it references and upload the new files.

[bsmither]

You should also get your hosting provider to assist. The '_vti_cnf' folder belongs to Microsoft FrontPage Extensions, but this could have been put here as the only instance to hide something else.

That fact that "Unknown" in line 0 is attempting to open it, and failing, might be because '_vti_cnf/iuoqj.txt" is no longer there.

Please advise your hosting provider that something "Unknown" is doing something weird.

[elisab90]

Thanks Robsta and bsmither,

I contacted the hosting provider and told the support agent your recommendations. He told me that he cleaned it up and I am not getting the warnings. However, I am worried about some things, because this is not my field and I am very worried about getting my site compromised again :

* The RTE directory is still there, should I remove it? When I told the support agent about it, he told me that "this was an injection attack through your htaccess file, I believe it was just a botnet. The RTE is a cubecart editor and I don't want to remove, I have removed the iuoqj.txt file that was part of the hack." I have another Cubecart for the store in English and the RTE directory is also there, what should I do with it?

* I am very nervous about the update, because I fear I will make a disaster, but it seems to me that you recommended the update because it will help to minimize problems like this one in the future, right?

Thanks once more.

[bsmither]

"The RTE directory is still there, should I remove it?"

No, leave it there. But look in the English store for that same file and delete if it's there.

In all your stores (two stores, right?), look for this file: "/images/random/chars/T.php" and if found, delete it.

Your store has been installed for some time now, right? If you still have an "install" folder, delete it.

Do you think you will ever use the Netherlands language? If not, delete the "nl" folder inside the /language" folder.

Finally, the following file you will have to edit. If that's beyond your skill, have your hosting provider support agent do it for you. The file is /includes/boxes/siteDocs.inc.php and the part that needs to be cut out, if present, is the very last five lines, then the very last "<?php".

What version of CC are you running now?

[elisab90]

Hello bsmither,

Thanks once more for your advice. I have checked all points you mentioned and it seems everything is "clean" in both stores ( files /includes/boxes/siteDocs.inc.php do not end with "<?php" so I am assuming they are OK, because the last five lines are part of a loop and two final $box_content lines) and I will delete the Dutch files.

I am running Cubecart v.3.0.17 as that is the version the hosting provider has in the control panel. Would you advise to upgrade to v.3.0.20?

Have a wonderful weekend! :)

[bsmither]

In general, upgrading to the latest version is always a good idea.

Even so, version 20 will need a couple of tweaks to fix a couple of very minor problems.