Jump to content
vidmarc

Strange code - top left of home page

Recommended Posts

Well I'm going to call it quits for tonight, it's 3:06am my time. I will continue tomorrow. Plus after that edit and now that people can register and checkout. Just noticed there's about 80 orders on one site and 24 on another. So going to package some orders before I get some rest. I be back tomorrow and let you know the out come after I clean all this mess up with rrs feed and snippets. Have a great one, and thanks again buddy!

Share this post


Link to post
Share on other sites

Lol... I found it. On code snippets on admin. There is a snippets by the following:

Snippet controller.index 3

 

As soon as I deactivated it, checked again for rogue, and guess what. No rogue no more no where. Can't believe that is always the most simple things that gets you all the time when over looking lol...

That was the problem, also did it on the other site, and bang no rogue either. my god, always where you never look lol.... thank god you mentioned it bsmither, or I would have been still searching lol....

Share this post


Link to post
Share on other sites

Well, that wasn't the trigger I would have thought to look at. The error in the error_log was referencing something else.

Do you recognize what this snippet belongs to, or where it came from?

We will have to see if the same situation exists for Nucleus Films.

Share this post


Link to post
Share on other sites

Now going to revert the edit on gui.class and verify that the rogue was the issue.

No I have no idea, the id on it is as follow: snippetS0Dhe

I still have to clean up as there's lots of errors on error log, but as mentioned before. I have so much old stuff and files on server. Imagen files of all types since cubecart existed. and lots of old mods v3 and v4 and v5 that are still trying to make calls.

As soon as I seen that snippet and noticed that it says index controller, and since were looking for an index.php error. I went straight to it deactivated it. and that's all it took for the rogue removal.

I'm going to check tomorrow thru all my saved crap and see if I can pin point exactly where that snippet is from.

Share this post


Link to post
Share on other sites
1 hour ago, bsmither said:

Well, that wasn't the trigger I would have thought to look at. The error in the error_log was referencing something else.

Do you recognize what this snippet belongs to, or where it came from?

We will have to see if the same situation exists for Nucleus Films.

Checked and same result.  "controller.index- snippetS0Dhe" is indeed the cause. Do I need to re-enable this snippet? What does it actually do?

   
Edited by vidmarc

Share this post


Link to post
Share on other sites

i've just googled "controller.index" and came across this thread from 2015 shame the images don't seem to be appearing in my browser on the thread to see if its the same. It might be an exploit if you didn't place the code there and don't recognise it. 🤔

 

Edited by iant

Share this post


Link to post
Share on other sites

I'm getting a lot of spam emails via the site's email address. This is worrying.

Edited by vidmarc

Share this post


Link to post
Share on other sites

Is this a bug, or an exploit of some sort? Should I close my store until we know for sure?

Share this post


Link to post
Share on other sites

This is a different conversation. Probably someone abusing your Contact Us page.

Share this post


Link to post
Share on other sites

Just found this referenced at mcafee:

Quote

 

Network Security Platform attacks that require the HTTP Response option to be enabled

1013 MEDIUM - HTTP: CubeCart CSRF Vulnerability (0x4029ba00)

 

 

Edited by vidmarc

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...