LinuxUK
Eval 64 base Decode Hack

There is an eval(base64_decode hack going around the internet. This help file is not only for osCommerce, but for any software you have that relies upon PHP and certain session IDs.

 
If your cart “suddenly” stops working as it should with no input from yourselves, it could be that you have been subject to the latest automated hack.
Some of the more common signs of this are:
Category images stop displaying
FCK editor refuses to display images folder
Payment modules stop working
Checkout process stops working
 
How will you know?
Open any PHP file on your server. If at the very top you see a line like
<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC (Goes on for a while)
Then you have been hacked.
 
To clean your site you have two options:
1. Delete the entire set of PHP files on your server (this hack will infect every single PHP file regardless of where it belongs, i.e. non-osC files will also be infected) and restore from a good backup. This is the best and easiest route.
 
2. Find the source of the files that have been placed on your server. They are always hidden well away from the top level. To do this, copy the top line and paste it into a Base64 decoder. I have my own file for this, but you will be able to use any of the many on the internet; here is one: http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx
 
This will reveal the location of the files you have to remove. Note that it could be anywhere from 1 file up to 30, and in some cases they will overwrite the files that should be in the host folder.
 
Once this is done and the original files are restored, you have to go through every single PHP file and remove the code from the top line. I suggest you use a search/replace tool for this or it's going to take you a very long time!
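
The search in option 2 can be scripted. The following is an added example, not code from the original page: it flags PHP files whose first line carries the eval(base64_decode( call, decodes the string without running it, and lists any file paths the decoded text mentions. The path pattern, the demo payload and the demo file names are constructed assumptions.

```python
import base64
import os
import re
import tempfile

# Injected call in the form shown on the page: <?php /**/eval(base64_decode('...
INJECT_RE = re.compile(rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
# Assumed heuristic: quoted strings in the decoded text that look like file paths.
PATH_RE = re.compile(r"['\"]([^'\"\s]*/[^'\"\s]+\.\w+)['\"]")

def inspect_file(path):
    """Return (decoded_text, referenced_paths) if the first line is injected, else None."""
    with open(path, "rb") as fh:
        match = INJECT_RE.search(fh.readline())
    if not match:
        return None
    blob = match.group(1)
    try:
        # Decode only: the result is handled as text and never executed.
        decoded = base64.b64decode(blob + b"=" * (-len(blob) % 4)).decode("latin-1")
    except ValueError:
        return "", []  # still flagged as infected, but the string would not decode
    return decoded, PATH_RE.findall(decoded)

def scan_tree(root):
    """Walk root and map each infected .php file to the paths its payload names."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                full = os.path.join(folder, name)
                result = inspect_file(full)
                if result:
                    findings[os.path.relpath(full, root)] = result[1]
    return findings

def build_demo_tree():
    """Constructed sample: one clean file and one carrying an inert stand-in payload."""
    root = tempfile.mkdtemp()
    payload = "if(function_exists('ob_start')){include('/images/.cache/hidden.php');}"
    blob = base64.b64encode(payload.encode()).decode()
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php /**/eval(base64_decode('%s'));?><?php echo 'shop'; ?>\n" % blob)
    with open(os.path.join(root, "clean.php"), "w") as fh:
        fh.write("<?php echo 'ok'; ?>\n")
    return root

if __name__ == "__main__":
    print(scan_tree(build_demo_tree()))
```

Point scan_tree at a local copy of the site rather than the demo tree; every file it lists still needs the top line cleaned or the file restored from backup.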
 
When this has been done, it is good practice to “drop” your database and upload a recent backup you took prior to infection. Also check that there are no new users on the database; I’ve not come across this yet, but have heard it happens.
 
Now that your site is free of the code, you need to prevent it from happening again.
 
How to prevent infection.
 
This is not guaranteed to be 100% proof, but it is going to help stop re-infection.
 
Change the name of your admin folder to something less obvious.
Delete admin/filemanager.php and associated links.
Ensure that your folder permissions are never set higher than 755.
 
 
It seems that if you do nothing, and do not rename your admin folder or delete filemanager.php, it is not a question of if, but when.
 