themixtapechannel Posted November 24, 2019
Well, I'm going to call it quits for tonight; it's 3:06am my time. I will continue tomorrow. Plus, after that edit, people can now register and check out. Just noticed there are about 80 orders on one site and 24 on another, so I'm going to package some orders before I get some rest. I'll be back tomorrow and let you know the outcome after I clean up all this mess with the RSS feed and snippets. Have a great one, and thanks again buddy!
themixtapechannel Posted November 24, 2019
Lol... I found it. On code snippets in admin, there is a snippet by the following: Snippet controller.index 3. As soon as I deactivated it, I checked again for the rogue, and guess what: no rogue any more, anywhere. Can't believe that it's always the most simple things that get you all the time when overlooking lol... That was the problem. I also did it on the other site, and bang, no rogue either. My god, always where you never look lol.... Thank god you mentioned it bsmither, or I would have been still searching lol....
bsmither Posted November 24, 2019
Well, that wasn't the trigger I would have thought to look at. The error in the error_log was referencing something else. Do you recognize what this snippet belongs to, or where it came from? We will have to see if the same situation exists for Nucleus Films.
themixtapechannel Posted November 24, 2019
Now going to revert the edit on gui.class and verify that the rogue was the issue. No, I have no idea. The id on it is as follows: snippetS0Dhe. I still have to clean up, as there are lots of errors in the error log, but as mentioned before, I have so much old stuff and files on the server: image files of all types since CubeCart existed, and lots of old mods for v3, v4 and v5 that are still trying to make calls. As soon as I saw that snippet and noticed that it says index controller, and since we were looking for an index.php error, I went straight to it and deactivated it, and that's all it took for the rogue removal. I'm going to check tomorrow through all my saved crap and see if I can pinpoint exactly where that snippet is from.
vidmarc Posted November 24, 2019 Author
1 hour ago, bsmither said:
> Well, that wasn't the trigger I would have thought to look at. The error in the error_log was referencing something else. Do you recognize what this snippet belongs to, or where it came from? We will have to see if the same situation exists for Nucleus Films.

Checked and same result. "controller.index - snippetS0Dhe" is indeed the cause. Do I need to re-enable this snippet? What does it actually do?
iant Posted November 24, 2019
I've just googled "controller.index" and came across this thread from 2015. Shame the images don't seem to be appearing in my browser on the thread, to see if it's the same. It might be an exploit if you didn't place the code there and don't recognise it.
vidmarc Posted November 24, 2019 Author
I'm getting a lot of spam emails via the site's email address. This is worrying.
vidmarc Posted November 25, 2019 Author
Is this a bug, or an exploit of some sort? Should I close my store until we know for sure?
bsmither Posted November 25, 2019
This is a different conversation. Probably someone abusing your Contact Us page.
vidmarc Posted November 25, 2019 Author
Just found this referenced at McAfee:
> Network Security Platform attacks that require the HTTP Response option to be enabled
> 1013 MEDIUM - HTTP: CubeCart CSRF Vulnerability (0x4029ba00)
Archived
This topic is now archived and is closed to further replies.