Currency and language give errors when selecting(Solved)

Hello

The other day I wasn't able to log to admin (see forum thread below)

http://forum.opencart.com/viewtopic.php ... 99#p358699

Because of files permissions, image/cache/data that was at 777 changed to 755 how? why? I have no idea cause the only thing I did before it happen is adding new products. As I explained in the thread after trying many times to change it to 777 I finally decided to upload a backup of the files and everything got fixed.

Last night when I went to login I had the same message on the admin page Invalid Session, please login again now knowing that it was a file permission I went to look at the image/cache/data directory and... it was at 755 again!!!! So I changed it back to 777 and this time it stayed!

But when I looked the the Error report I saw many many error about language and currency?

So I went to the front end (store) and tried to change from English to French and I was taken to a white page with this message I hit the back button of my browser and there I was in the store again but the language was change to French!!!

So I tried to change the currency from Canadian to USD and again a white page with this message:
Hit the back button again and I was in the store with the currency change to USD!!!!

Does those message mean that there is a problem with the footer.php file, the controller.php or is it a files permissions again?

How the files permissions change by themselves when I only add new products and do nothing else?

Is it possible that my site is haunted!!!!

I would appreciate your input regarding this problem, I'm about to getting crazy and close the whole thing!

Cleo

http://www.lesbricollesdecleo.com

Your site give this error on Norton : Web Attack : Mass Injection Website.

Hello

What does it mean? Virus attack?

Cleo

Hello K2tec

Thank you for the link, I went to look at it and I'm not sure now is it my site/store or the server that is infected?

And what about the error message when changing language or currency? Is it due to that attack or is it a file permission thing again?


tks
Cleo

Hello K2tec

You were right! I found a script in my header/footer/home/maintenance/php

I posted it in a picture if anybody have the same problem it was at the bottom of those php files!





José Manuel from sites-design told me about it too and where to look and I found it! Now the store is working properly!!

Have a nice day

Cleo

Looks like my site is clean now!

http://safeweb.norton.com/report/show?u ... &ulang=eng

Cleo

look at all your index.php files
change all your passwords .ftp, oc, mysql.
before try to find if there are more files with that script in your oc shop.

is there an other WP site in the root?

Hello K2tec

I changed my passwords right after I removed the script, I will check the index files too.

I told the web host and he said he is going to make a virus scan, I will also delete all my backup files and make a new one when I will be sure that everything is ok!

Thank you for your help!

Regards
Cleo

@k2tec

Finally it's a good thing I followed your advice, I found 7 more!!!!

public_html/index.php

public_html/download/index.html

public_html/catalog/controller/account/login.php

public_html/catalog/controller/affiliate/login.php

public_html/catalog/controller/checkout/login.php

public_html/catalog/view/javascript/DD_belatedPNG_0.0.8a-min.js

public_html/catalog/view/javascript/common.js


Looks like you're better then Norton!!!!

Cleo

here is something to read or to install
http://forum.opencart.com/viewtopic.php?f=19&t=26388

I install in most shops this security-OC-1.0.zip

Thanks I will look at it! I appreciate your help! While you are here I change the password for the db but I couldn't do it through mysql so had to do it in the config file but problem is that it's not encrypt is there a way to do it?

Tks
Cleo

no.

Ok, thanks

Cleo

Today i was injected with new malware and admin area doesn´t work. i was improve security of OC with .htaccess and more thing but malware always win. i attached the malware description. somebody can help me to improve security of OC or send me some tutorial to deny malware????

@psycmos

What I did is:

1. backup all my files to my pc
2. scan everything with Avast and Spybot which found the malwares
3. deleted all the files on my site
4. restore all the clean scanned files from my pc

Then I installed CrawlProtect http://www.crawltrack.net/forumuk/

So far it already stop 2 script injections attempts and 6 site copier attempts

Very easy to install and works very well

Good luck
Cleo

Thnks a lot for your reply. I installed crawlProtect and configured some basic configurations. i will wait for see it working!!!

You're welcome!

configured some basic configurations.

That's what I did too because I am not to sure since I don't know it very well, I also installed CrawlTrack, it also do some kind of protection and it's similar to Google Analytic, lots of informations in it!

Oh and if you have the ip that did the injection add it to your crawlprotect block list, if they try again they will get a nice blocking page with a warning message on it!

Good luck and hope they will leave us alone!!!

Cleo

Yes, we hope they will leave us alone!!! thkz a gain for your info... trying crawlProtect

Hooooo NOoooOO attacked again...

Same malware and i saw it puts that in index.php, and using crawlprotect.
They put it in index.php:

http://pastebin.com/Jc5Zhpwb