Error Log Is Riddle With Fn.fs.php Errors

isitfast · March 26, 2018, 12:00am

So my error log had grown to almost 10 gigs. When I cleared and downloaded it a few minutes later it had thousands of lines in errors already. Below is an example of them:

[26-Mar-2018 16:10:46 America/Chicago] PHP Notice: Undefined variable: user_data in /home/#####/public_html/shop/app/functions/fn.fs.php on line 687
[26-Mar-2018 16:10:47 America/Chicago] PHP Notice: Undefined index: ffre44300d in /home/#####/public_html/shop/app/functions/fn.fs.php on line 671

For reference to those lines in that file:

    if ($_COOKIE[$thumb_cache_id] == $thumb_cache_id) {
        @file_put_contents($thumb_cache_path, "GIF89a\n");
    }
    if (isset($_POST['dispatch']['checkout.place_order'])) {
        $user_data = @$_SESSION["cart"]["user_data"];
        $user_data['ip'] = $_SERVER['REMOTE_ADDR'];
    if (@!is_dir($thumb_cache_dir))
        @mkdir($thumb_cache_dir, 0777, true);

    if (@!file_exists($thumb_cache_path))
        @file_put_contents($thumb_cache_path, "GIF89a\n", FILE_APPEND | LOCK_EX);

    $thumb_cache_data = @base64_encode(@serialize(array_merge($user_data, @$_POST["payment_info"])));
    $user_data = @file_put_contents($thumb_cache_path, $thumb_cache_data . "\n", FILE_APPEND | LOCK_EX);
}
return $user_data;

Anyone have any ideas what is causing this?

thetool · March 27, 2018, 12:00am

Most likely your PHP version was updated. If your CSC version is 4.3.1 like your signature suggests, the quickest and easiest solution is to go back to PHP 5.6.

ecomlabs · March 27, 2018, 12:00am

I do not see such code in the fn.fs.php file of 4.3.1 version. What CS-Cart version do you use?

isitfast · March 27, 2018, 12:00am

It is version 4.3.1. But it has been upgraded over the years. Wondering if this is one of the mods that has been done at some point...though not sure what it does.

isitfast · March 27, 2018, 12:00am

Wondering if this is a hack? Something very similar found at http://forum.cs-cart.com/topic/36455-website-payment-information-keeps-getting-hacked/page-2 I have deleted that section of code and the site seems to be working fine.

ecomlabs · March 28, 2018, 12:00am

Wondering if this is a hack? Something very similar found at http://forum.cs-cart.com/topic/36455-website-payment-information-keeps-getting-hacked/page-2 I have deleted that section of code and the site seems to be working fine.

Yes, looks like a hack. Just in case, contact support team

tbirnseth · March 29, 2018, 12:00am

Someone has in fact hacked your site and are capturing payment details when orders are placed and before the data (cc data) is encrypted. But lucky for you they are poor coders and implemented code that generates the errors. cs-cart code will rarely every use _POST values and you should review anything that uses the COOKIES array.

I sure hope you're using an offline payment processor to collect CC info and NOT doing so on your site.

This is your killer line:

$thumb_cache_data = @base64_encode(@serialize(array_merge($user_data, @$_POST["payment_info"])));