Product-general.php

[jund]

Site URL: playmusicfeelbetter.com
Using version 1.3.8
Site has been customized. It was severely hacked and was changed into a Phishing site.

The original admin created a file named Product-general.php.
Hackers removed it. It was created to link products via their images as follows: http://www.playmusicfeelbetter.com/i...roducts_id=841

Where would I place the Product-general file (if I can create one from the general.php file?

Thank you,

jund (John Underwood)

[dbltoe]

The ONLY way to prevent a reoccurrence is to do ALL the steps in the hack removal process and then upgrade to the latest version.
Any attempt to repair your current cart will only leave you with a vulnerable cart at an address that is already on the hacker's roadmap!

[jund]

Thank you for the reply... I truly understand your message and your wllingness to support... but in order to test the original site properly and to update it, I still need my basic question answered; "Where would I place the Product-general file (if I can create one from the general.php file"?)
Respectfully,
Jund (John Underwood)

[jund]

The ONLY way to prevent a reoccurrence is to do ALL the steps in the hack removal process and then upgrade to the latest version.
Any attempt to repair your current cart will only leave you with a vulnerable cart at an address that is already on the hacker's roadmap!

Would you even be kind enough to speculate on where I would place the Product-general file if I can create one.
(It links the products image to the cart. )
Here is an example of the link to the image:
http://www.playmusicfeelbetter.com/i...roducts_id=784



The "Add to Cart" button works fine...
Here is an exaple of the link to the cart:
http://www.playmusicfeelbetter.com/i...roducts_id=784


Here is an example of the Description link:
http://www.playmusicfeelbetter.com/i...roducts_id=784

which is the same as the link to the image.

Respectfully requested,
jund (John Underwood)

[jund]

Please read post below this correction. Thank you

[dbltoe]

Your request needs to be directed to the former admin.
Realize that what we or your customer may see with a browser or screen capture of the same can be created a million ways in the php-driven background.
There is no such php file in a copy of Zen Cart.
And, I respectfully submit that following the suggested steps would have resulted in your already having recovered completely from the hack AND have a secure, up-to-date version of Zen Cart in place.
The volunteers here on the forum have contributed to making it the best forum out there, BUT none of them have any silver bullets in their gun.
Granted that you may not be familiar with the steps but I wonder why you didn't seem to want to try while pleading with everyone else to try an implausible project.
Since you (and only you) have access to all the files, simply doing the recovery from hacks might expose changes made by the previous admin and provide you with a better idea of what was done.

[jund]

Sir dbltoe,

My sincere apologies - I have been using the ZEN-CART forums for more than 5 years. I like the ZENCART forums because the people who use them are always helpful and self-respecting folks. That is the primary reason for my question. It was not based on screen capture - or any other reason except Where would I place the Product-general file (if I can create one from the general.php file"?)

Your first reponse was not helpful or self-respecting. You chose to lecture me regarding hacking.

Your second response was another lecture "Granted that you may not be familiar with the steps but I wonder why you didn't seem to want to try while pleading with everyone else to try an implausible project."

I did contact the previous admin. He built the site 4 years ago - and does not remember what he did.

Most links include index.php?main_page=index with a path statement. He changed the path statement as follows: index.php?main_page=Product-general_info.

All I was asking if anyone knew anything about Product-general. The catalog allows General Products and I assumed someone may have seen this before.

I did a search in the forums regarding Product-general but was not successful... so I created this thread to see if someone had seen something like this in the past. Matter of fact, since the Admin didn't remember what he did, maybe a hacker did it. There were php files in the image folder, and I deleted them because they were suspicious looking.

I really feel awkward as I defend myself... but I really need anwers - not a lecture. And, if there is no answer, then I should not get any answers. If there are suggestions, I will gladly accept them as well. This problem is not about me, it is about an unsuccessful client (and I am doing it for her at no charge).

With sincere respect,

jund (John Underwood)

[rstevenson]

Hi John,

You state the site has been hacked. Is it still in that state? If so, put it down for maintenance -- quick. If not, how was it fixed? Did you follow all the steps in the Recovering From Hacks link?

The issue of the product-general.php file is entirely separate from the above. I realize you'd like to put that file back, whatever it is, but if you don't know what it was and we don't know what it was, how can we possibly help you with that task? Perhaps you could talk to your server people about getting an old site backup restored to a temp folder, from where you could get the file.

Rob

[dbltoe]

I'm gonna go out on a limb here and risk another "you're lecturing" even though it is considered a form of learning.
It would have been nice to know from the beginning that you had contacted the previous admin. Otherwise one could assume (I know) that you were unable or, worse, unwilling. We deal with unable a lot on the forum.
Again, our first obligation to clients client and your their customers should be the protection of their sensitive information through the securing of their site. Hence, the "lecture" on hacking as any of us would be remiss if we didn't point out there were more steps to ensure a recovery from a hack that what we were told you had done.
Unless you are certain when the hack occurred (another thing not mentioned), you may well restore the hack with any restoration of old files. Rob's suggestion is a good one IF you can pinpoint a date when the site was "pure." Otherwise, you're "Out of the frying pan and into the fire."
And, (last lecture - scout's honor) my point about our not being able to see files. One of the main steps in recovery is to compare the existing files to a fresh download. Not doing that is possibly continuing to allow information to be gleamed from your site. But, you are also missing probably the best way to find out what called, created, or accessed the file you are looking for.
In comparing files for a hack removal, you are bound to come across a reference in an existing file that does not match the same file in a fresh download. Hopefully, one of those files will have some telling information in the header that will point you to (let's say) a mod that created that file you are looking for.

<?php
/**
* Override Template for common/tpl_main_page.php
*
* @package templateSystem
* @copyright Copyright 2005-2006 Tim Kroeger
* @copyright Portions Copyright 2003-2005 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: tpl_main_page.php,v 2.0 Rev 8 2010-05-31 23:46:5 DerManoMann Exp $
*/
?>

This one would catch our eye and, by scrolling down the file a little, we'd see..

//Begin Image Handler changes 1 of 2
//the next line is commented out for Image Handler 3

Now we've got somewhere to look.
I'm not ready to bet the farm that this will happen in your case as we now know it's been 4 or more years since this was done. Not everyone was that thorough in creating a mod then, but I think it's one of the few chances you have as you are the only one able to see what's there.
As far as the

I have been using the ZEN-CART forums for more than 5 years.

I answer posts to help more than just the poster. I try to make it useful information for the poster AND future searchers/lurkers who might have the same problem. I'd do the same if you had 5 months on the forum. I guess it's the teacher in me.
Best of luck in your search. If you find that header or some other clue, let us know.