VM crashed

[Seabiscuit]

Hi all,

I have a serious problem. My entire VM is crashed and nothing works anymore... However, I cannot start all over again, because I have modified so many things in the product-detail and category overview etc.

The link to my website: http://maakeencocktail.nl/index.php/webshop/accessoires. Using Joomla! 3.3.6, VirtueMart 3.0.9.

The list of issues at this moment:

- The popup after clicking on add-to-cart doesn't work. It keeps on loading while if you refresh the page yourself the product is added to the cart
- The checkout page doesn't work at all... I cannot fill out any billing details, I cannot select a paying method etc.

I have tried to read as many forums as possible, but my case is kinda undoable to figure it out by myself. Please help me! I believe there is no mix-up with jQuerys and the "Display modal popup upon 'Add to cart'" is ticked of course.

Can someone please help me a hand. I am at a loss

[Seabiscuit]

By the way, I have also tried to change templates, but this also didn't have any effect!

[Studio 42]

Hi,
You have many developper that can work with you.
When you do some changes, try to do backups.
You have a really helpfull tool for this akeeba backup.

YOu have this message :

Code Select Expand

<!--Hacked by -->
{"stat":"1","msg":"<a class=\"continue_link\" href=\"\/index.php\/webshop\/accessoires\" >Verder winkelen<\/a><a class=\"showcart floatright\" href=\"\/index.php\/winkelwagen\/cart\">Toon winkelwagen<\/a><a class=\"addtotekst\"><h4>Ice Cube Tray is toegevoegd aan de winkelwagen<\/h4><\/a>\t\t<\/div>\r\n\t<br style=\"clear:both\">\r\n\r\r\r\r\r\r<script id=\"updDynamicListeners_js\" type=\"text\/javascript\">\/\/<![CDATA[ \njQuery(document).ready(function() { \/\/ GALT: Start listening for dynamic content update.\n\t\/\/ If template is aware of dynamic update and provided a variable let's\n\t\/\/ set-up the event listeners.\n\tif (Virtuemart.container)\n\t\tVirtuemart.updateDynamicUpdateListeners();\n\n}); \/\/]]>\n<\/script>\r\r<script id=\"updateChosen_js\" type=\"text\/javascript\">\/\/<![CDATA[ \nif (typeof Virtuemart === \"undefined\")\n\tvar Virtuemart = {};\n\tVirtuemart.updateChosenDropdownLayout = function() {\n\t\tvar vm2string = {editImage: 'edit image',select_all_text: 'Select all',select_some_options_text: 'Available for all'};\n\t\tjQuery(function($) {\n\t\t\tjQuery(\".vm-chzn-select\").chosen({enable_select_all: true,select_all_text : vm2string.select_all_text,select_some_options_text:vm2string.select_some_options_text,disable_search_threshold: 5});\n\t\t});\n\t}\n\tVirtuemart.updateChosenDropdownLayout(); \/\/]]>\n<\/script>\r<script id=\"vm.countryState_js\" type=\"text\/javascript\"> \/\/<![CDATA[\n\t\tjQuery( function($) {\n\t\t\t$(\"#virtuemart_country_id\").vm2front(\"list\",{dest : \"#virtuemart_state_id\",ids : \"\",prefiks : \"\"});\n\t\t});\n\/\/]]> <\/script>\r<script id=\"vm.countryStateshipto__js\" type=\"text\/javascript\"> \/\/<![CDATA[\n\t\tjQuery( function($) {\n\t\t\t$(\"#shipto_virtuemart_country_id\").vm2front(\"list\",{dest : \"#shipto_virtuemart_state_id\",ids : \"\",prefiks : \"shipto_\"});\n\t\t});\n\/\/]]> <\/script>\r<script id=\"keepAliveTime_js\" type=\"text\/javascript\">\/\/<![CDATA[ \nvar sessMin = 15;var vmAliveUrl = \"index.php?option=com_virtuemart&view=virtuemart&task=keepalive\";var maxlps = \"4\";var minlps = \"1\"; \/\/]]>\n<\/script>\r\r"}

Because you don't have update your shop And Joomla, this get hacked chekc "<!--Hacked by -->" in the ajax answer !

[Studio 42]

And "<!--Hacked by -->" is in all your page.
Press F12 or CTRL+U  on top of page, first line

[AH]

Using Joomla! 3.3.6, VirtueMart 3.0.9.

Both versions are hopelessly out of date

Joomla posted their advisory on this in December - at which point you should have taken steps to upgrade, I have no idea how you have been hacked or through what vulnerability - but running disclosed non secure versions is highly likely to get you into trouble at some point.

Maybe you care little for such advice - as you have an immediate issue and want a "quick" fix.

So here goes:-

Restore to an old pre-hack backup on a test environment

Update Joomla and all components and plugins

Check any additional components/plugins that may also be vulnerable and - either remove them  or update to secure version

However, I cannot start all over again, because I have modified so many things in the product-detail and category overview etc.

These are overrides and should work when you upgrade - they should also be very easy to adjust if they don't!

[jenkinhill]

However, I cannot start all over again, because I have modified so many things in the product-detail and category overview etc.

Well you have no choice but you may not need to restart from the beginning!  If you modified the view/tmpl or sublayout files without setting those files as overrides then you can use these again as overrides, after making sure that they have no additional (hackers) code.  If you did set them as overrides the save those files. Otherwise the restore process is similar to as described here -  http://forum.virtuemart.net/index.php?topic=133102.msg461082#msg461082

http://forum.virtuemart.net/index.php?topic=118683.0

[Milbo]

I am almost 100% sure the hack was done via joomla, because the security added in vm3.0.10 is very hard to exploit. But since j3.3.6 to j3.4.8 we had maybe 10 security releases.