support

Author Topic: getting .filename.css loaded automatically  (Read 2943 times)

Offline Sam_78

  • Sr. Member
  • ****
  • Posts: 278
  • Karma: +43/-1
    • View Profile
getting .filename.css loaded automatically
« on: October 07, 2024, 11:19:07 PM »
Hi I am having weird file injected at random time. I was trying to update a product name and I get this error:

Fatal error: Uncaught TypeError: strlen(): Argument #1 ($str) must be of type string, array given in /home/swelec4/public_html/vendor/symfony/service-contracts/.5b444ff4.css(109) : eval()'d code:4 Stack trace: #0 /home/swelec/public_html/vendor/symfony/service-contracts/.5b444ff4.css(109) : eval()'d code(4): zqpfjkq(Array) #1 /home/swelec4/public_html/vendor/symfony/service-contracts/.5b444ff4.css(109): eval() #2 /home/swelec4/public_html/index.php(4): include_once('/home/swelec4/pu...') #3 {main} thrown in /home/swelec4/public_html/vendor/symfony/service-contracts/.5b444ff4.css(109) : eval()'d code on line 4

This is just an example every 3-4 days I get a different file in same format at different folder like default_cheque or any other folder and then I delete this file and I will be able to save what I am saving in admin. there is no issue on front-end this error appears only when I try to save anything in backend of store.  I have latest abantecart freshly installed 2 weeks ago with NOVATOR theme version 1.4.0


How can I get rid of this injection? I did update my cPanel password. I do not have any other extension installed

Offline abolabo

  • core-developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2094
  • Karma: +331/-13
  • web for all, all for web!
    • View Profile
    • AbanteCart
Re: getting .filename.css loaded automatically
« Reply #1 on: October 08, 2024, 05:14:54 AM »
Hi,
looks like host have some vulnerability that allows to write css file into your folder.
Try to delete it (or even better replace vendor directory with our from release) and set permissions for "vendor" to 555 recursively.  (only for read and execute)
Also check file .htaccess inside vendor dir.
It must contains
Code: [Select]
Order Deny,Allow
Deny from all
(No one file cannot be accessible from web)

Please, let us know about results
“No one is useless in this world who lightens the burdens of another.”
― Charles Dickens

Offline Sam_78

  • Sr. Member
  • ****
  • Posts: 278
  • Karma: +43/-1
    • View Profile
Re: getting .filename.css loaded automatically
« Reply #2 on: October 21, 2024, 11:36:51 PM »
Hi I changed the permission now it is under default_twilio folder  I changed the permission to 555 then it went into /admin/core and created a file .85459g45.css

So this .css file is being created in different folders every time. How can I fix it? I have about 5,000 products I dont want to re-do everything.

all the folders should be 555 except system and download correct? and all the files inside it should also be 555?
« Last Edit: October 21, 2024, 11:38:24 PM by Sam_78 »

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 6071
  • Karma: +284/-2
    • View Profile
Re: getting .filename.css loaded automatically
« Reply #3 on: October 22, 2024, 01:56:50 AM »
Hello,

Do you have any other websites hosted on the same account (e.g., a WordPress site)? Also, could you let us know who your hosting provider is?

 

Powered by SMFPacks Social Login Mod