VirtueMart Forum

Hello!

Im using Virtuemart 2. It worked fine, suddenly there is a server error when trying to open the Shop.
I checked the server log and got the following errors:

Strict Standards: Declaration of JParameter::loadSetupFile() should be compatible with that of JRegistry::loadSetupFile() in /var/www/vhosts/***URL-HIDDEN***.com/httpdocs/libraries/joomla/html/parameter.php on line 512 Strict Standards: Accessing static property TableVendors::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableVendors::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableVendor_medias::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Strict Standards: Accessing static property TableCategories::$_cache as non static in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/helpers/vmtable.php on line 58 Fatal error: Cannot redeclare xmail() (previously declared in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/components/com_virtuemart/helpers/shopfunctionsf.php:1) in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/administrator/components/com_virtuemart/models/product.php on line 1

Your VM and Joomla version?

Joomla! 2.5.8 Stable
Virtuemart 2.0.16

Any help would be much appreciated, i can still see the cart however.

You probably need to update your VM.

Looks like the host has updated pHP to 5.4+ or made some other changes?

Joomla and VM versions are out of date and insecure.
http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
http://virtuemart.net/news/list-all-news/446-important-security-release-vm-team-at-joomladay-germany

Since the website is heavily customized with plugins and styles i would prefer not to update it yet. And since it worked great just a week ago, why would this happen now?

Shouldnt it have to do something with that Fatal error: xmail()?

Php-version is 5.3.3.

Quote from: StreamAlex on September 13, 2013, 11:06:26 AM
1. Since the website is heavily customized with plugins and styles i would prefer not to update it yet.

2. And since it worked great just a week ago, why would this happen now?

1. Isn't it look so simple to support outdated versions, how do you think?

2. Changes in hosting service environment.

Quote from: Maxim Pishnyak on September 13, 2013, 11:27:55 AM

Quote from: StreamAlex on September 13, 2013, 11:06:26 AM
1. Since the website is heavily customized with plugins and styles i would prefer not to update it yet.

2. And since it worked great just a week ago, why would this happen now?

1. Isn't it look so simple to support outdated versions, how do you think?

2. Changes in hosting service environment.

My website been hacked last week, and i got the same error than you about xmail :/

QuoteCannot redeclare xmail() (previously declared in
/var/www/vhosts/***URL-HIDDEN***.com/httpdocs/components/com_virtuemart/helpers/shopfunctionsf.php:1)

Please have a look at this file ASAP.It's strange to have a xmail declaration at first line...

This is not the original code, we never had an xmail declaration.

Please tell us your used version.

If your website been hacked (almost sure...), please see bellow how i fixed it.
The malicious code create a kind of backdoor and allow execution of code sended as post value to the .php file.
In my case, it was to send spam. A lot of spam. My server been blacklisted on multiple BL :/
It create a lot of differents files in multiples directory, and also modify some other php files.

Example of created files :
./administrator/components/com_messages/views/message/index.php
./administrator/components/com_languages/views/language/tmpl/index.php
./administrator/components/com_cache/index.php
./administrator/components/com_jaextmanager/helpers/uploader/adapters/index.php
./administrator/components/com_jaextmanager/lib/jaupdater/index.php
./administrator/components/com_jaextmanager/assets/jquery.alerts/images/index.php
./administrator/components/com_customfilters/models/fields/index.php
./administrator/components/com_banners/index.php
./administrator/components/com_redirect/views/index.php
./administrator/components/com_redirect/views/link/tmpl/index.php
./administrator/components/com_imreports/plugins/vm1/index.php
./administrator/components/com_weblinks/tables/index.php
./administrator/components/com_joomlaupdate/views/default/tmpl/index.php
......

Definitly created in random folders, there is no "target".

It also modify some files, adding things like that :
/* 51bead4f86d5577b0a8509c5a793876c */ function xmail () { $a=func_get_args(); file_put_contents('./administrator/*randomfolder*/612.jpg');}

It that case, content of 612.jpg was for sure some php code... Uploaded as a Jpeg, to be more "discreet"...


What I did :



• Stop qmail/postfix
• Flush /cache/ folder
• By ssh, did a  # find . -mtime -2 -name "*.php"[/i]
  "2" is the number of days since modification of shopfunctionsf.php
  It listed all .php files created/modified since that date. I checked all files listed.
• Used http://revisium.com/aibo/ to detect any other suspicious files [/i]
  
  • Patch VM to the last release[/i]
    
  My website is now okay, no more spam, no suspicious activity in server logs...