Suddenly Server Error

StreamAlex · September 13, 2013, 09:50:06 AM

Hello!

Im using Virtuemart 2. It worked fine, suddenly there is a server error when trying to open the Shop.
I checked the server log and got the following errors:

Strict Standards: Declaration of JParameter::loadSetupFile() should be compatible with that of JRegistry::loadSetupFile() in /var/www/vhosts/***URL-HIDDEN***.com/httpdocs/libraries/joomla/html/parameter.php on line 512 Strict Standards: Accessing static property TableVendors::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableVendors::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableVendor_medias::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableCategories::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Fatal error: Cannot redeclare xmail() (previously declared in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/components/com_virtuemart/helpers/shopfunctionsf.php:1) in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/models/product.php on line 1

Maxim Pishnyak · September 13, 2013, 10:08:02 AM

Your VM and Joomla version?

StreamAlex · September 13, 2013, 10:13:30 AM

Joomla! 2.5.8 Stable
Virtuemart 2.0.16

Any help would be much appreciated, i can still see the cart however.

Maxim Pishnyak · September 13, 2013, 10:33:11 AM

You probably need to update your VM.

jenkinhill · September 13, 2013, 10:48:59 AM

Looks like the host has updated pHP to 5.4+ or made some other changes?

Joomla and VM versions are out of date and insecure.
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://virtuemart.net/news/list-all-news/446-important-security-release-vm-team-at-joomladay-germany

StreamAlex · September 13, 2013, 11:06:26 AM

Since the website is heavily customized with plugins and styles i would prefer not to update it yet. And since it worked great just a week ago, why would this happen now?

Shouldnt it have to do something with that Fatal error: xmail()?

Php-version is 5.3.3.

Maxim Pishnyak · September 13, 2013, 11:27:55 AM

Quote from: StreamAlex on September 13, 2013, 11:06:26 AM
1. Since the website is heavily customized with plugins and styles i would prefer not to update it yet.

2. And since it worked great just a week ago, why would this happen now?

1. Isn't it look so simple to support outdated versions, how do you think?

2. Changes in hosting service environment.

Florentp · September 13, 2013, 16:15:30 PM

Quote from: Maxim Pishnyak on September 13, 2013, 11:27:55 AM
Quote from: StreamAlex on September 13, 2013, 11:06:26 AM
1. Since the website is heavily customized with plugins and styles i would prefer not to update it yet.

2. And since it worked great just a week ago, why would this happen now?
1. Isn't it look so simple to support outdated versions, how do you think?

2. Changes in hosting service environment.

My website been hacked last week, and i got the same error than you about xmail :/

QuoteCannot redeclare xmail() (previously declared in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/components/com_virtuemart/helpers/shopfunctionsf.php:1)

Please have a look at this file ASAP.It's strange to have a xmail declaration at first line...

Milbo · September 16, 2013, 10:21:39 AM

This is not the original code, we never had an xmail declaration.

Please tell us your used version.

Florentp · September 16, 2013, 15:40:12 PM

If your website been hacked (almost sure...), please see bellow how i fixed it.
The malicious code create a kind of backdoor and allow execution of code sended as post value to the .php file.
In my case, it was to send spam. A lot of spam. My server been blacklisted on multiple BL :/
It create a lot of differents files in multiples directory, and also modify some other php files.

Example of created files :

Code Select


./administrator/components/com_messages/views/message/index.php
./administrator/components/com_languages/views/language/tmpl/index.php
./administrator/components/com_cache/index.php
./administrator/components/com_jaextmanager/helpers/uploader/adapters/index.php
./administrator/components/com_jaextmanager/lib/jaupdater/index.php
./administrator/components/com_jaextmanager/assets/jquery.alerts/images/index.php
./administrator/components/com_customfilters/models/fields/index.php
./administrator/components/com_banners/index.php
./administrator/components/com_redirect/views/index.php
./administrator/components/com_redirect/views/link/tmpl/index.php
./administrator/components/com_imreports/plugins/vm1/index.php
./administrator/components/com_weblinks/tables/index.php
./administrator/components/com_joomlaupdate/views/default/tmpl/index.php
......

Definitly created in random folders, there is no "target".

It also modify some files, adding things like that :

Code Select

/* 51bead4f86d5577b0a8509c5a793876c */ function xmail () { $a=func_get_args(); file_put_contents('./administrator/*randomfolder*/612.jpg');}

Stop qmail/postfix
Flush /cache/ folder
By ssh, did a # find . -mtime -2 -name "*.php"[/i]
"2" is the number of days since modification of shopfunctionsf.php
It listed all .php files created/modified since that date. I checked all files listed.
Used http://revisium.com/aibo/ to detect any other suspicious files [/i]
- Patch VM to the last release[/i]
My website is now okay, no more spam, no suspicious activity in server logs...

News:

Suddenly Server Error